Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2018-12389 (GCVE-0-2018-12389)
Vulnerability from cvelistv5 – Published: 2019-02-28 18:00 – Updated: 2024-08-05 08:31
VLAI
EPSS
Summary
Mozilla developers and community members reported memory safety bugs present in Firefox ESR 60.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox ESR < 60.3 and Thunderbird < 60.3.
Severity
No CVSS data available.
CWE
- Memory safety bugs fixed in Firefox ESR 60.3
Assigner
References
17 references
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Mozilla | Firefox ESR |
Affected:
unspecified , < 60.3
(custom)
|
|
| Mozilla | Thunderbird |
Affected:
unspecified , < 60.3
(custom)
|
Date Public
2019-02-28 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T08:31:00.289Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "105769",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/105769"
},
{
"name": "DSA-4324",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2018/dsa-4324"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2018-28/"
},
{
"name": "[debian-lts-announce] 20181112 [SECURITY] [DLA 1575-1] thunderbird security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00011.html"
},
{
"name": "GLSA-201811-04",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201811-04"
},
{
"name": "GLSA-201811-13",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201811-13"
},
{
"name": "DSA-4337",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2018/dsa-4337"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2018-27/"
},
{
"name": "RHSA-2018:3005",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:3005"
},
{
"name": "RHSA-2018:3006",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:3006"
},
{
"name": "USN-3868-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3868-1/"
},
{
"name": "RHSA-2018:3532",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:3532"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1498460%2C1499198"
},
{
"name": "105723",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/105723"
},
{
"name": "RHSA-2018:3531",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:3531"
},
{
"name": "[debian-lts-announce] 20181107 [SECURITY] [DLA 1571-1] firefox-esr security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00008.html"
},
{
"name": "1041944",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1041944"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Firefox ESR",
"vendor": "Mozilla",
"versions": [
{
"lessThan": "60.3",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "Thunderbird",
"vendor": "Mozilla",
"versions": [
{
"lessThan": "60.3",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2019-02-28T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Mozilla developers and community members reported memory safety bugs present in Firefox ESR 60.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox ESR \u003c 60.3 and Thunderbird \u003c 60.3."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Memory safety bugs fixed in Firefox ESR 60.3",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-03-01T10:57:01.000Z",
"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"shortName": "mozilla"
},
"references": [
{
"name": "105769",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/105769"
},
{
"name": "DSA-4324",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2018/dsa-4324"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2018-28/"
},
{
"name": "[debian-lts-announce] 20181112 [SECURITY] [DLA 1575-1] thunderbird security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00011.html"
},
{
"name": "GLSA-201811-04",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201811-04"
},
{
"name": "GLSA-201811-13",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201811-13"
},
{
"name": "DSA-4337",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2018/dsa-4337"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2018-27/"
},
{
"name": "RHSA-2018:3005",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:3005"
},
{
"name": "RHSA-2018:3006",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:3006"
},
{
"name": "USN-3868-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3868-1/"
},
{
"name": "RHSA-2018:3532",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:3532"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1498460%2C1499198"
},
{
"name": "105723",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/105723"
},
{
"name": "RHSA-2018:3531",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:3531"
},
{
"name": "[debian-lts-announce] 20181107 [SECURITY] [DLA 1571-1] firefox-esr security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00008.html"
},
{
"name": "1041944",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1041944"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@mozilla.org",
"ID": "CVE-2018-12389",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Firefox ESR",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "60.3"
}
]
}
},
{
"product_name": "Thunderbird",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "60.3"
}
]
}
}
]
},
"vendor_name": "Mozilla"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Mozilla developers and community members reported memory safety bugs present in Firefox ESR 60.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox ESR \u003c 60.3 and Thunderbird \u003c 60.3."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Memory safety bugs fixed in Firefox ESR 60.3"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "105769",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105769"
},
{
"name": "DSA-4324",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4324"
},
{
"name": "https://www.mozilla.org/security/advisories/mfsa2018-28/",
"refsource": "CONFIRM",
"url": "https://www.mozilla.org/security/advisories/mfsa2018-28/"
},
{
"name": "[debian-lts-announce] 20181112 [SECURITY] [DLA 1575-1] thunderbird security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00011.html"
},
{
"name": "GLSA-201811-04",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201811-04"
},
{
"name": "GLSA-201811-13",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201811-13"
},
{
"name": "DSA-4337",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4337"
},
{
"name": "https://www.mozilla.org/security/advisories/mfsa2018-27/",
"refsource": "CONFIRM",
"url": "https://www.mozilla.org/security/advisories/mfsa2018-27/"
},
{
"name": "RHSA-2018:3005",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:3005"
},
{
"name": "RHSA-2018:3006",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:3006"
},
{
"name": "USN-3868-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3868-1/"
},
{
"name": "RHSA-2018:3532",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:3532"
},
{
"name": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1498460%2C1499198",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1498460%2C1499198"
},
{
"name": "105723",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105723"
},
{
"name": "RHSA-2018:3531",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:3531"
},
{
"name": "[debian-lts-announce] 20181107 [SECURITY] [DLA 1571-1] firefox-esr security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00008.html"
},
{
"name": "1041944",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041944"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"assignerShortName": "mozilla",
"cveId": "CVE-2018-12389",
"datePublished": "2019-02-28T18:00:00.000Z",
"dateReserved": "2018-06-14T00:00:00.000Z",
"dateUpdated": "2024-08-05T08:31:00.289Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2018-12389",
"date": "2026-05-27",
"epss": "0.01766",
"percentile": "0.82894"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2018-12389\",\"sourceIdentifier\":\"security@mozilla.org\",\"published\":\"2019-02-28T18:29:00.320\",\"lastModified\":\"2025-11-25T17:50:16.803\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Mozilla developers and community members reported memory safety bugs present in Firefox ESR 60.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox ESR \u003c 60.3 and Thunderbird \u003c 60.3.\"},{\"lang\":\"es\",\"value\":\"Los desarrolladores de Mozilla y los miembros de la comunidad reportaron problemas de seguridad existentes en Firefox ESR 60.2. Algunos de estos errores mostraban evidencias de corrupci\u00f3n de memoria y se cree que, con el esfuerzo necesario, se podr\u00edan explotar para ejecutar c\u00f3digo arbitrario. La vulnerabilidad afecta a Firefox ESR en versiones anteriores a la 60.3 y Thunderbird en versiones anteriores a la 60.3.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:P/I:P/A:P\",\"baseScore\":6.8,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-119\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"60.3.0\",\"matchCriteriaId\":\"411B1F46-93E8-4CC5-ADCB-808E89B467E2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"60.3.0\",\"matchCriteriaId\":\"B8C6DDE1-D17F-49AB-9521-C79D5B4618BD\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DEECE5FC-CACF-4496-A3E7-164736409252\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*\",\"matchCriteriaId\":\"B5A6F2F3-4894-4392-8296-3B8DD2679084\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*\",\"matchCriteriaId\":\"F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*\",\"matchCriteriaId\":\"23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"07C312A0-CD2C-4B9C-B064-6409B25C278F\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"33C068A4-3780-4EAB-A937-6082DF847564\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9BBCD86A-E6C7-4444-9D74-F861084090F0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"51EF4996-72F4-4FA4-814F-F5991E7A8318\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B353CE99-D57C-465B-AAB0-73EF581127D1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A4E9DD8A-A68B-4A69-8B01-BFF92A2020A8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BF77CDCF-B9C9-427D-B2BF-36650FB2148C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B76AA310-FEC7-497F-AF04-C3EC1E76C4CC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E5ED5807-55B7-47C5-97A6-03233F4FBC3A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"825ECE2D-E232-46E0-A047-074B34DB1E97\"}]}]}],\"references\":[{\"url\":\"http://www.securityfocus.com/bid/105723\",\"source\":\"security@mozilla.org\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securityfocus.com/bid/105769\",\"source\":\"security@mozilla.org\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1041944\",\"source\":\"security@mozilla.org\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:3005\",\"source\":\"security@mozilla.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:3006\",\"source\":\"security@mozilla.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:3531\",\"source\":\"security@mozilla.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:3532\",\"source\":\"security@mozilla.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://bugzilla.mozilla.org/buglist.cgi?bug_id=1498460%2C1499198\",\"source\":\"security@mozilla.org\",\"tags\":[\"Broken Link\",\"Issue Tracking\",\"Vendor Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2018/11/msg00008.html\",\"source\":\"security@mozilla.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2018/11/msg00011.html\",\"source\":\"security@mozilla.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://security.gentoo.org/glsa/201811-04\",\"source\":\"security@mozilla.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://security.gentoo.org/glsa/201811-13\",\"source\":\"security@mozilla.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://usn.ubuntu.com/3868-1/\",\"source\":\"security@mozilla.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2018/dsa-4324\",\"source\":\"security@mozilla.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2018/dsa-4337\",\"source\":\"security@mozilla.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.mozilla.org/security/advisories/mfsa2018-27/\",\"source\":\"security@mozilla.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.mozilla.org/security/advisories/mfsa2018-28/\",\"source\":\"security@mozilla.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/105723\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securityfocus.com/bid/105769\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1041944\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:3005\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:3006\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:3531\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:3532\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://bugzilla.mozilla.org/buglist.cgi?bug_id=1498460%2C1499198\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\",\"Issue Tracking\",\"Vendor Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2018/11/msg00008.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2018/11/msg00011.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://security.gentoo.org/glsa/201811-04\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://security.gentoo.org/glsa/201811-13\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://usn.ubuntu.com/3868-1/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2018/dsa-4324\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2018/dsa-4337\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.mozilla.org/security/advisories/mfsa2018-27/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.mozilla.org/security/advisories/mfsa2018-28/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
}
}
RHSA-2018:3531
Vulnerability from csaf_redhat - Published: 2018-11-09 11:54 - Updated: 2026-01-13 22:06Summary
Red Hat Security Advisory: thunderbird security update
Severity
Important
Notes
Topic: An update for thunderbird is now available for Red Hat Enterprise Linux 6.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: Mozilla Thunderbird is a standalone mail and newsgroup client.
This update upgrades Thunderbird to version 60.3.0.
Security Fix(es):
* Mozilla: Memory safety bugs fixed in Firefox 63 and Firefox ESR 60.3 (CVE-2018-12390)
* Mozilla: Crash with nested event loops (CVE-2018-12392)
* Mozilla: Integer overflow during Unicode conversion while loading JavaScript (CVE-2018-12393)
* Mozilla: Memory safety bugs fixed in Firefox ESR 60.3 (CVE-2018-12389)
For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
Red Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Christian Holler, Bob Owen, Boris Zbarsky, Calixte Denizet, Jason Kratzer, Jed Davis, Taegeon Lee, Philipp, Ronald Crane, Raul Gurzau, Gary Kwong, Tyson Smith, Raymond Forbes, Bogdan Tara, Nils, r, and Daniel Veditz as the original reporters.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
Mozilla developers and community members reported memory safety bugs present in Firefox ESR 60.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox ESR < 60.3 and Thunderbird < 60.3.
8.8 (High)
Affected products
Fixed
27 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 6Client-6.10.z:thunderbird-0:60.3.0-1.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Client-6.10.z:thunderbird-0:60.3.0-1.el6.ppc64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Client-6.10.z:thunderbird-0:60.3.0-1.el6.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Client-6.10.z:thunderbird-0:60.3.0-1.el6.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Client-6.10.z:thunderbird-0:60.3.0-1.el6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Client-6.10.z:thunderbird-debuginfo-0:60.3.0-1.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Client-6.10.z:thunderbird-debuginfo-0:60.3.0-1.el6.ppc64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Client-6.10.z:thunderbird-debuginfo-0:60.3.0-1.el6.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Client-6.10.z:thunderbird-debuginfo-0:60.3.0-1.el6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-optional-6.10.z:thunderbird-0:60.3.0-1.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-optional-6.10.z:thunderbird-0:60.3.0-1.el6.ppc64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-optional-6.10.z:thunderbird-0:60.3.0-1.el6.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-optional-6.10.z:thunderbird-0:60.3.0-1.el6.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-optional-6.10.z:thunderbird-0:60.3.0-1.el6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-optional-6.10.z:thunderbird-debuginfo-0:60.3.0-1.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-optional-6.10.z:thunderbird-debuginfo-0:60.3.0-1.el6.ppc64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-optional-6.10.z:thunderbird-debuginfo-0:60.3.0-1.el6.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-optional-6.10.z:thunderbird-debuginfo-0:60.3.0-1.el6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-6.10.z:thunderbird-0:60.3.0-1.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-6.10.z:thunderbird-0:60.3.0-1.el6.ppc64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-6.10.z:thunderbird-0:60.3.0-1.el6.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-6.10.z:thunderbird-0:60.3.0-1.el6.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-6.10.z:thunderbird-0:60.3.0-1.el6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-6.10.z:thunderbird-debuginfo-0:60.3.0-1.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-6.10.z:thunderbird-debuginfo-0:60.3.0-1.el6.ppc64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-6.10.z:thunderbird-debuginfo-0:60.3.0-1.el6.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-6.10.z:thunderbird-debuginfo-0:60.3.0-1.el6.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Low
Mozilla developers and community members reported memory safety bugs present in Firefox 62 and Firefox ESR 60.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 63, Firefox ESR < 60.3, and Thunderbird < 60.3.
9.8 (Critical)
Affected products
Fixed
27 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 6Client-6.10.z:thunderbird-0:60.3.0-1.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Client-6.10.z:thunderbird-0:60.3.0-1.el6.ppc64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Client-6.10.z:thunderbird-0:60.3.0-1.el6.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Client-6.10.z:thunderbird-0:60.3.0-1.el6.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Client-6.10.z:thunderbird-0:60.3.0-1.el6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Client-6.10.z:thunderbird-debuginfo-0:60.3.0-1.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Client-6.10.z:thunderbird-debuginfo-0:60.3.0-1.el6.ppc64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Client-6.10.z:thunderbird-debuginfo-0:60.3.0-1.el6.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Client-6.10.z:thunderbird-debuginfo-0:60.3.0-1.el6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-optional-6.10.z:thunderbird-0:60.3.0-1.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-optional-6.10.z:thunderbird-0:60.3.0-1.el6.ppc64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-optional-6.10.z:thunderbird-0:60.3.0-1.el6.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-optional-6.10.z:thunderbird-0:60.3.0-1.el6.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-optional-6.10.z:thunderbird-0:60.3.0-1.el6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-optional-6.10.z:thunderbird-debuginfo-0:60.3.0-1.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-optional-6.10.z:thunderbird-debuginfo-0:60.3.0-1.el6.ppc64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-optional-6.10.z:thunderbird-debuginfo-0:60.3.0-1.el6.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-optional-6.10.z:thunderbird-debuginfo-0:60.3.0-1.el6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-6.10.z:thunderbird-0:60.3.0-1.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-6.10.z:thunderbird-0:60.3.0-1.el6.ppc64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-6.10.z:thunderbird-0:60.3.0-1.el6.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-6.10.z:thunderbird-0:60.3.0-1.el6.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-6.10.z:thunderbird-0:60.3.0-1.el6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-6.10.z:thunderbird-debuginfo-0:60.3.0-1.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-6.10.z:thunderbird-debuginfo-0:60.3.0-1.el6.ppc64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-6.10.z:thunderbird-debuginfo-0:60.3.0-1.el6.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-6.10.z:thunderbird-debuginfo-0:60.3.0-1.el6.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Critical
When manipulating user events in nested loops while opening a document through script, it is possible to trigger a potentially exploitable crash due to poor event handling. This vulnerability affects Firefox < 63, Firefox ESR < 60.3, and Thunderbird < 60.3.
9.8 (Critical)
Affected products
Fixed
27 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 6Client-6.10.z:thunderbird-0:60.3.0-1.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Client-6.10.z:thunderbird-0:60.3.0-1.el6.ppc64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Client-6.10.z:thunderbird-0:60.3.0-1.el6.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Client-6.10.z:thunderbird-0:60.3.0-1.el6.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Client-6.10.z:thunderbird-0:60.3.0-1.el6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Client-6.10.z:thunderbird-debuginfo-0:60.3.0-1.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Client-6.10.z:thunderbird-debuginfo-0:60.3.0-1.el6.ppc64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Client-6.10.z:thunderbird-debuginfo-0:60.3.0-1.el6.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Client-6.10.z:thunderbird-debuginfo-0:60.3.0-1.el6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-optional-6.10.z:thunderbird-0:60.3.0-1.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-optional-6.10.z:thunderbird-0:60.3.0-1.el6.ppc64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-optional-6.10.z:thunderbird-0:60.3.0-1.el6.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-optional-6.10.z:thunderbird-0:60.3.0-1.el6.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-optional-6.10.z:thunderbird-0:60.3.0-1.el6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-optional-6.10.z:thunderbird-debuginfo-0:60.3.0-1.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-optional-6.10.z:thunderbird-debuginfo-0:60.3.0-1.el6.ppc64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-optional-6.10.z:thunderbird-debuginfo-0:60.3.0-1.el6.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-optional-6.10.z:thunderbird-debuginfo-0:60.3.0-1.el6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-6.10.z:thunderbird-0:60.3.0-1.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-6.10.z:thunderbird-0:60.3.0-1.el6.ppc64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-6.10.z:thunderbird-0:60.3.0-1.el6.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-6.10.z:thunderbird-0:60.3.0-1.el6.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-6.10.z:thunderbird-0:60.3.0-1.el6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-6.10.z:thunderbird-debuginfo-0:60.3.0-1.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-6.10.z:thunderbird-debuginfo-0:60.3.0-1.el6.ppc64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-6.10.z:thunderbird-debuginfo-0:60.3.0-1.el6.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-6.10.z:thunderbird-debuginfo-0:60.3.0-1.el6.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Important
A potential vulnerability was found in 32-bit builds where an integer overflow during the conversion of scripts to an internal UTF-16 representation could result in allocating a buffer too small for the conversion. This leads to a possible out-of-bounds write. *Note: 64-bit builds are not vulnerable to this issue.*. This vulnerability affects Firefox < 63, Firefox ESR < 60.3, and Thunderbird < 60.3.
7.5 (High)
Affected products
Fixed
27 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 6Client-6.10.z:thunderbird-0:60.3.0-1.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Client-6.10.z:thunderbird-0:60.3.0-1.el6.ppc64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Client-6.10.z:thunderbird-0:60.3.0-1.el6.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Client-6.10.z:thunderbird-0:60.3.0-1.el6.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Client-6.10.z:thunderbird-0:60.3.0-1.el6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Client-6.10.z:thunderbird-debuginfo-0:60.3.0-1.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Client-6.10.z:thunderbird-debuginfo-0:60.3.0-1.el6.ppc64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Client-6.10.z:thunderbird-debuginfo-0:60.3.0-1.el6.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Client-6.10.z:thunderbird-debuginfo-0:60.3.0-1.el6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-optional-6.10.z:thunderbird-0:60.3.0-1.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-optional-6.10.z:thunderbird-0:60.3.0-1.el6.ppc64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-optional-6.10.z:thunderbird-0:60.3.0-1.el6.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-optional-6.10.z:thunderbird-0:60.3.0-1.el6.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-optional-6.10.z:thunderbird-0:60.3.0-1.el6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-optional-6.10.z:thunderbird-debuginfo-0:60.3.0-1.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-optional-6.10.z:thunderbird-debuginfo-0:60.3.0-1.el6.ppc64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-optional-6.10.z:thunderbird-debuginfo-0:60.3.0-1.el6.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Server-optional-6.10.z:thunderbird-debuginfo-0:60.3.0-1.el6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-6.10.z:thunderbird-0:60.3.0-1.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-6.10.z:thunderbird-0:60.3.0-1.el6.ppc64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-6.10.z:thunderbird-0:60.3.0-1.el6.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-6.10.z:thunderbird-0:60.3.0-1.el6.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-6.10.z:thunderbird-0:60.3.0-1.el6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-6.10.z:thunderbird-debuginfo-0:60.3.0-1.el6.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-6.10.z:thunderbird-debuginfo-0:60.3.0-1.el6.ppc64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-6.10.z:thunderbird-debuginfo-0:60.3.0-1.el6.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 6Workstation-6.10.z:thunderbird-debuginfo-0:60.3.0-1.el6.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Important
References
27 references
Acknowledgments
the Mozilla project
Daniel Veditz
Philipp
Jason Kratzer
Jed Davis
Taegeon Lee
Philipp
Ronald Crane
Raul Gurzau
Gary Kwong
Tyson Smith
Raymond Forbes
Bogdan Tara
Christian Holler
Bob Owen
Boris Zbarsky
Calixte Denizet
Nils
Zero Day LLC
R
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for thunderbird is now available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Mozilla Thunderbird is a standalone mail and newsgroup client.\n\nThis update upgrades Thunderbird to version 60.3.0.\n\nSecurity Fix(es):\n\n* Mozilla: Memory safety bugs fixed in Firefox 63 and Firefox ESR 60.3 (CVE-2018-12390)\n\n* Mozilla: Crash with nested event loops (CVE-2018-12392)\n\n* Mozilla: Integer overflow during Unicode conversion while loading JavaScript (CVE-2018-12393)\n\n* Mozilla: Memory safety bugs fixed in Firefox ESR 60.3 (CVE-2018-12389)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.\n\nRed Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Christian Holler, Bob Owen, Boris Zbarsky, Calixte Denizet, Jason Kratzer, Jed Davis, Taegeon Lee, Philipp, Ronald Crane, Raul Gurzau, Gary Kwong, Tyson Smith, Raymond Forbes, Bogdan Tara, Nils, r, and Daniel Veditz as the original reporters.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2018:3531",
"url": "https://access.redhat.com/errata/RHSA-2018:3531"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "1642179",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1642179"
},
{
"category": "external",
"summary": "1642180",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1642180"
},
{
"category": "external",
"summary": "1642182",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1642182"
},
{
"category": "external",
"summary": "1642183",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1642183"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2018/rhsa-2018_3531.json"
}
],
"title": "Red Hat Security Advisory: thunderbird security update",
"tracking": {
"current_release_date": "2026-01-13T22:06:26+00:00",
"generator": {
"date": "2026-01-13T22:06:26+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.15"
}
},
"id": "RHSA-2018:3531",
"initial_release_date": "2018-11-09T11:54:03+00:00",
"revision_history": [
{
"date": "2018-11-09T11:54:03+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2018-11-09T11:54:03+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-01-13T22:06:26+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Desktop (v. 6)",
"product": {
"name": "Red Hat Enterprise Linux Desktop (v. 6)",
"product_id": "6Client-6.10.z",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:6::client"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Server Optional (v. 6)",
"product": {
"name": "Red Hat Enterprise Linux Server Optional (v. 6)",
"product_id": "6Server-optional-6.10.z",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:6::server"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Workstation (v. 6)",
"product": {
"name": "Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation-6.10.z",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:6::workstation"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "thunderbird-debuginfo-0:60.3.0-1.el6.x86_64",
"product": {
"name": "thunderbird-debuginfo-0:60.3.0-1.el6.x86_64",
"product_id": "thunderbird-debuginfo-0:60.3.0-1.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/thunderbird-debuginfo@60.3.0-1.el6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "thunderbird-0:60.3.0-1.el6.x86_64",
"product": {
"name": "thunderbird-0:60.3.0-1.el6.x86_64",
"product_id": "thunderbird-0:60.3.0-1.el6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/thunderbird@60.3.0-1.el6?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "thunderbird-debuginfo-0:60.3.0-1.el6.i686",
"product": {
"name": "thunderbird-debuginfo-0:60.3.0-1.el6.i686",
"product_id": "thunderbird-debuginfo-0:60.3.0-1.el6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/thunderbird-debuginfo@60.3.0-1.el6?arch=i686"
}
}
},
{
"category": "product_version",
"name": "thunderbird-0:60.3.0-1.el6.i686",
"product": {
"name": "thunderbird-0:60.3.0-1.el6.i686",
"product_id": "thunderbird-0:60.3.0-1.el6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/thunderbird@60.3.0-1.el6?arch=i686"
}
}
}
],
"category": "architecture",
"name": "i686"
},
{
"branches": [
{
"category": "product_version",
"name": "thunderbird-0:60.3.0-1.el6.src",
"product": {
"name": "thunderbird-0:60.3.0-1.el6.src",
"product_id": "thunderbird-0:60.3.0-1.el6.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/thunderbird@60.3.0-1.el6?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "thunderbird-debuginfo-0:60.3.0-1.el6.s390x",
"product": {
"name": "thunderbird-debuginfo-0:60.3.0-1.el6.s390x",
"product_id": "thunderbird-debuginfo-0:60.3.0-1.el6.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/thunderbird-debuginfo@60.3.0-1.el6?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "thunderbird-0:60.3.0-1.el6.s390x",
"product": {
"name": "thunderbird-0:60.3.0-1.el6.s390x",
"product_id": "thunderbird-0:60.3.0-1.el6.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/thunderbird@60.3.0-1.el6?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "thunderbird-debuginfo-0:60.3.0-1.el6.ppc64",
"product": {
"name": "thunderbird-debuginfo-0:60.3.0-1.el6.ppc64",
"product_id": "thunderbird-debuginfo-0:60.3.0-1.el6.ppc64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/thunderbird-debuginfo@60.3.0-1.el6?arch=ppc64"
}
}
},
{
"category": "product_version",
"name": "thunderbird-0:60.3.0-1.el6.ppc64",
"product": {
"name": "thunderbird-0:60.3.0-1.el6.ppc64",
"product_id": "thunderbird-0:60.3.0-1.el6.ppc64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/thunderbird@60.3.0-1.el6?arch=ppc64"
}
}
}
],
"category": "architecture",
"name": "ppc64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-0:60.3.0-1.el6.i686 as a component of Red Hat Enterprise Linux Desktop (v. 6)",
"product_id": "6Client-6.10.z:thunderbird-0:60.3.0-1.el6.i686"
},
"product_reference": "thunderbird-0:60.3.0-1.el6.i686",
"relates_to_product_reference": "6Client-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-0:60.3.0-1.el6.ppc64 as a component of Red Hat Enterprise Linux Desktop (v. 6)",
"product_id": "6Client-6.10.z:thunderbird-0:60.3.0-1.el6.ppc64"
},
"product_reference": "thunderbird-0:60.3.0-1.el6.ppc64",
"relates_to_product_reference": "6Client-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-0:60.3.0-1.el6.s390x as a component of Red Hat Enterprise Linux Desktop (v. 6)",
"product_id": "6Client-6.10.z:thunderbird-0:60.3.0-1.el6.s390x"
},
"product_reference": "thunderbird-0:60.3.0-1.el6.s390x",
"relates_to_product_reference": "6Client-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-0:60.3.0-1.el6.src as a component of Red Hat Enterprise Linux Desktop (v. 6)",
"product_id": "6Client-6.10.z:thunderbird-0:60.3.0-1.el6.src"
},
"product_reference": "thunderbird-0:60.3.0-1.el6.src",
"relates_to_product_reference": "6Client-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-0:60.3.0-1.el6.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 6)",
"product_id": "6Client-6.10.z:thunderbird-0:60.3.0-1.el6.x86_64"
},
"product_reference": "thunderbird-0:60.3.0-1.el6.x86_64",
"relates_to_product_reference": "6Client-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-debuginfo-0:60.3.0-1.el6.i686 as a component of Red Hat Enterprise Linux Desktop (v. 6)",
"product_id": "6Client-6.10.z:thunderbird-debuginfo-0:60.3.0-1.el6.i686"
},
"product_reference": "thunderbird-debuginfo-0:60.3.0-1.el6.i686",
"relates_to_product_reference": "6Client-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-debuginfo-0:60.3.0-1.el6.ppc64 as a component of Red Hat Enterprise Linux Desktop (v. 6)",
"product_id": "6Client-6.10.z:thunderbird-debuginfo-0:60.3.0-1.el6.ppc64"
},
"product_reference": "thunderbird-debuginfo-0:60.3.0-1.el6.ppc64",
"relates_to_product_reference": "6Client-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-debuginfo-0:60.3.0-1.el6.s390x as a component of Red Hat Enterprise Linux Desktop (v. 6)",
"product_id": "6Client-6.10.z:thunderbird-debuginfo-0:60.3.0-1.el6.s390x"
},
"product_reference": "thunderbird-debuginfo-0:60.3.0-1.el6.s390x",
"relates_to_product_reference": "6Client-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-debuginfo-0:60.3.0-1.el6.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 6)",
"product_id": "6Client-6.10.z:thunderbird-debuginfo-0:60.3.0-1.el6.x86_64"
},
"product_reference": "thunderbird-debuginfo-0:60.3.0-1.el6.x86_64",
"relates_to_product_reference": "6Client-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-0:60.3.0-1.el6.i686 as a component of Red Hat Enterprise Linux Server Optional (v. 6)",
"product_id": "6Server-optional-6.10.z:thunderbird-0:60.3.0-1.el6.i686"
},
"product_reference": "thunderbird-0:60.3.0-1.el6.i686",
"relates_to_product_reference": "6Server-optional-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-0:60.3.0-1.el6.ppc64 as a component of Red Hat Enterprise Linux Server Optional (v. 6)",
"product_id": "6Server-optional-6.10.z:thunderbird-0:60.3.0-1.el6.ppc64"
},
"product_reference": "thunderbird-0:60.3.0-1.el6.ppc64",
"relates_to_product_reference": "6Server-optional-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-0:60.3.0-1.el6.s390x as a component of Red Hat Enterprise Linux Server Optional (v. 6)",
"product_id": "6Server-optional-6.10.z:thunderbird-0:60.3.0-1.el6.s390x"
},
"product_reference": "thunderbird-0:60.3.0-1.el6.s390x",
"relates_to_product_reference": "6Server-optional-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-0:60.3.0-1.el6.src as a component of Red Hat Enterprise Linux Server Optional (v. 6)",
"product_id": "6Server-optional-6.10.z:thunderbird-0:60.3.0-1.el6.src"
},
"product_reference": "thunderbird-0:60.3.0-1.el6.src",
"relates_to_product_reference": "6Server-optional-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-0:60.3.0-1.el6.x86_64 as a component of Red Hat Enterprise Linux Server Optional (v. 6)",
"product_id": "6Server-optional-6.10.z:thunderbird-0:60.3.0-1.el6.x86_64"
},
"product_reference": "thunderbird-0:60.3.0-1.el6.x86_64",
"relates_to_product_reference": "6Server-optional-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-debuginfo-0:60.3.0-1.el6.i686 as a component of Red Hat Enterprise Linux Server Optional (v. 6)",
"product_id": "6Server-optional-6.10.z:thunderbird-debuginfo-0:60.3.0-1.el6.i686"
},
"product_reference": "thunderbird-debuginfo-0:60.3.0-1.el6.i686",
"relates_to_product_reference": "6Server-optional-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-debuginfo-0:60.3.0-1.el6.ppc64 as a component of Red Hat Enterprise Linux Server Optional (v. 6)",
"product_id": "6Server-optional-6.10.z:thunderbird-debuginfo-0:60.3.0-1.el6.ppc64"
},
"product_reference": "thunderbird-debuginfo-0:60.3.0-1.el6.ppc64",
"relates_to_product_reference": "6Server-optional-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-debuginfo-0:60.3.0-1.el6.s390x as a component of Red Hat Enterprise Linux Server Optional (v. 6)",
"product_id": "6Server-optional-6.10.z:thunderbird-debuginfo-0:60.3.0-1.el6.s390x"
},
"product_reference": "thunderbird-debuginfo-0:60.3.0-1.el6.s390x",
"relates_to_product_reference": "6Server-optional-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-debuginfo-0:60.3.0-1.el6.x86_64 as a component of Red Hat Enterprise Linux Server Optional (v. 6)",
"product_id": "6Server-optional-6.10.z:thunderbird-debuginfo-0:60.3.0-1.el6.x86_64"
},
"product_reference": "thunderbird-debuginfo-0:60.3.0-1.el6.x86_64",
"relates_to_product_reference": "6Server-optional-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-0:60.3.0-1.el6.i686 as a component of Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation-6.10.z:thunderbird-0:60.3.0-1.el6.i686"
},
"product_reference": "thunderbird-0:60.3.0-1.el6.i686",
"relates_to_product_reference": "6Workstation-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-0:60.3.0-1.el6.ppc64 as a component of Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation-6.10.z:thunderbird-0:60.3.0-1.el6.ppc64"
},
"product_reference": "thunderbird-0:60.3.0-1.el6.ppc64",
"relates_to_product_reference": "6Workstation-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-0:60.3.0-1.el6.s390x as a component of Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation-6.10.z:thunderbird-0:60.3.0-1.el6.s390x"
},
"product_reference": "thunderbird-0:60.3.0-1.el6.s390x",
"relates_to_product_reference": "6Workstation-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-0:60.3.0-1.el6.src as a component of Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation-6.10.z:thunderbird-0:60.3.0-1.el6.src"
},
"product_reference": "thunderbird-0:60.3.0-1.el6.src",
"relates_to_product_reference": "6Workstation-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-0:60.3.0-1.el6.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation-6.10.z:thunderbird-0:60.3.0-1.el6.x86_64"
},
"product_reference": "thunderbird-0:60.3.0-1.el6.x86_64",
"relates_to_product_reference": "6Workstation-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-debuginfo-0:60.3.0-1.el6.i686 as a component of Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation-6.10.z:thunderbird-debuginfo-0:60.3.0-1.el6.i686"
},
"product_reference": "thunderbird-debuginfo-0:60.3.0-1.el6.i686",
"relates_to_product_reference": "6Workstation-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-debuginfo-0:60.3.0-1.el6.ppc64 as a component of Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation-6.10.z:thunderbird-debuginfo-0:60.3.0-1.el6.ppc64"
},
"product_reference": "thunderbird-debuginfo-0:60.3.0-1.el6.ppc64",
"relates_to_product_reference": "6Workstation-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-debuginfo-0:60.3.0-1.el6.s390x as a component of Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation-6.10.z:thunderbird-debuginfo-0:60.3.0-1.el6.s390x"
},
"product_reference": "thunderbird-debuginfo-0:60.3.0-1.el6.s390x",
"relates_to_product_reference": "6Workstation-6.10.z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-debuginfo-0:60.3.0-1.el6.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 6)",
"product_id": "6Workstation-6.10.z:thunderbird-debuginfo-0:60.3.0-1.el6.x86_64"
},
"product_reference": "thunderbird-debuginfo-0:60.3.0-1.el6.x86_64",
"relates_to_product_reference": "6Workstation-6.10.z"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
},
{
"names": [
"Daniel Veditz",
"Philipp"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2018-12389",
"cwe": {
"id": "CWE-120",
"name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
},
"discovery_date": "2018-10-23T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1642179"
}
],
"notes": [
{
"category": "description",
"text": "Mozilla developers and community members reported memory safety bugs present in Firefox ESR 60.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox ESR \u003c 60.3 and Thunderbird \u003c 60.3.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: Memory safety bugs fixed in Firefox ESR 60.3",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-6.10.z:thunderbird-0:60.3.0-1.el6.i686",
"6Client-6.10.z:thunderbird-0:60.3.0-1.el6.ppc64",
"6Client-6.10.z:thunderbird-0:60.3.0-1.el6.s390x",
"6Client-6.10.z:thunderbird-0:60.3.0-1.el6.src",
"6Client-6.10.z:thunderbird-0:60.3.0-1.el6.x86_64",
"6Client-6.10.z:thunderbird-debuginfo-0:60.3.0-1.el6.i686",
"6Client-6.10.z:thunderbird-debuginfo-0:60.3.0-1.el6.ppc64",
"6Client-6.10.z:thunderbird-debuginfo-0:60.3.0-1.el6.s390x",
"6Client-6.10.z:thunderbird-debuginfo-0:60.3.0-1.el6.x86_64",
"6Server-optional-6.10.z:thunderbird-0:60.3.0-1.el6.i686",
"6Server-optional-6.10.z:thunderbird-0:60.3.0-1.el6.ppc64",
"6Server-optional-6.10.z:thunderbird-0:60.3.0-1.el6.s390x",
"6Server-optional-6.10.z:thunderbird-0:60.3.0-1.el6.src",
"6Server-optional-6.10.z:thunderbird-0:60.3.0-1.el6.x86_64",
"6Server-optional-6.10.z:thunderbird-debuginfo-0:60.3.0-1.el6.i686",
"6Server-optional-6.10.z:thunderbird-debuginfo-0:60.3.0-1.el6.ppc64",
"6Server-optional-6.10.z:thunderbird-debuginfo-0:60.3.0-1.el6.s390x",
"6Server-optional-6.10.z:thunderbird-debuginfo-0:60.3.0-1.el6.x86_64",
"6Workstation-6.10.z:thunderbird-0:60.3.0-1.el6.i686",
"6Workstation-6.10.z:thunderbird-0:60.3.0-1.el6.ppc64",
"6Workstation-6.10.z:thunderbird-0:60.3.0-1.el6.s390x",
"6Workstation-6.10.z:thunderbird-0:60.3.0-1.el6.src",
"6Workstation-6.10.z:thunderbird-0:60.3.0-1.el6.x86_64",
"6Workstation-6.10.z:thunderbird-debuginfo-0:60.3.0-1.el6.i686",
"6Workstation-6.10.z:thunderbird-debuginfo-0:60.3.0-1.el6.ppc64",
"6Workstation-6.10.z:thunderbird-debuginfo-0:60.3.0-1.el6.s390x",
"6Workstation-6.10.z:thunderbird-debuginfo-0:60.3.0-1.el6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-12389"
},
{
"category": "external",
"summary": "RHBZ#1642179",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1642179"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-12389",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12389"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-12389",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-12389"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2018-27/#CVE-2018-12389",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2018-27/#CVE-2018-12389"
}
],
"release_date": "2018-10-23T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2018-11-09T11:54:03+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAll running instances of Thunderbird must be restarted for the update to take effect.",
"product_ids": [
"6Client-6.10.z:thunderbird-0:60.3.0-1.el6.i686",
"6Client-6.10.z:thunderbird-0:60.3.0-1.el6.ppc64",
"6Client-6.10.z:thunderbird-0:60.3.0-1.el6.s390x",
"6Client-6.10.z:thunderbird-0:60.3.0-1.el6.src",
"6Client-6.10.z:thunderbird-0:60.3.0-1.el6.x86_64",
"6Client-6.10.z:thunderbird-debuginfo-0:60.3.0-1.el6.i686",
"6Client-6.10.z:thunderbird-debuginfo-0:60.3.0-1.el6.ppc64",
"6Client-6.10.z:thunderbird-debuginfo-0:60.3.0-1.el6.s390x",
"6Client-6.10.z:thunderbird-debuginfo-0:60.3.0-1.el6.x86_64",
"6Server-optional-6.10.z:thunderbird-0:60.3.0-1.el6.i686",
"6Server-optional-6.10.z:thunderbird-0:60.3.0-1.el6.ppc64",
"6Server-optional-6.10.z:thunderbird-0:60.3.0-1.el6.s390x",
"6Server-optional-6.10.z:thunderbird-0:60.3.0-1.el6.src",
"6Server-optional-6.10.z:thunderbird-0:60.3.0-1.el6.x86_64",
"6Server-optional-6.10.z:thunderbird-debuginfo-0:60.3.0-1.el6.i686",
"6Server-optional-6.10.z:thunderbird-debuginfo-0:60.3.0-1.el6.ppc64",
"6Server-optional-6.10.z:thunderbird-debuginfo-0:60.3.0-1.el6.s390x",
"6Server-optional-6.10.z:thunderbird-debuginfo-0:60.3.0-1.el6.x86_64",
"6Workstation-6.10.z:thunderbird-0:60.3.0-1.el6.i686",
"6Workstation-6.10.z:thunderbird-0:60.3.0-1.el6.ppc64",
"6Workstation-6.10.z:thunderbird-0:60.3.0-1.el6.s390x",
"6Workstation-6.10.z:thunderbird-0:60.3.0-1.el6.src",
"6Workstation-6.10.z:thunderbird-0:60.3.0-1.el6.x86_64",
"6Workstation-6.10.z:thunderbird-debuginfo-0:60.3.0-1.el6.i686",
"6Workstation-6.10.z:thunderbird-debuginfo-0:60.3.0-1.el6.ppc64",
"6Workstation-6.10.z:thunderbird-debuginfo-0:60.3.0-1.el6.s390x",
"6Workstation-6.10.z:thunderbird-debuginfo-0:60.3.0-1.el6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2018:3531"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"6Client-6.10.z:thunderbird-0:60.3.0-1.el6.i686",
"6Client-6.10.z:thunderbird-0:60.3.0-1.el6.ppc64",
"6Client-6.10.z:thunderbird-0:60.3.0-1.el6.s390x",
"6Client-6.10.z:thunderbird-0:60.3.0-1.el6.src",
"6Client-6.10.z:thunderbird-0:60.3.0-1.el6.x86_64",
"6Client-6.10.z:thunderbird-debuginfo-0:60.3.0-1.el6.i686",
"6Client-6.10.z:thunderbird-debuginfo-0:60.3.0-1.el6.ppc64",
"6Client-6.10.z:thunderbird-debuginfo-0:60.3.0-1.el6.s390x",
"6Client-6.10.z:thunderbird-debuginfo-0:60.3.0-1.el6.x86_64",
"6Server-optional-6.10.z:thunderbird-0:60.3.0-1.el6.i686",
"6Server-optional-6.10.z:thunderbird-0:60.3.0-1.el6.ppc64",
"6Server-optional-6.10.z:thunderbird-0:60.3.0-1.el6.s390x",
"6Server-optional-6.10.z:thunderbird-0:60.3.0-1.el6.src",
"6Server-optional-6.10.z:thunderbird-0:60.3.0-1.el6.x86_64",
"6Server-optional-6.10.z:thunderbird-debuginfo-0:60.3.0-1.el6.i686",
"6Server-optional-6.10.z:thunderbird-debuginfo-0:60.3.0-1.el6.ppc64",
"6Server-optional-6.10.z:thunderbird-debuginfo-0:60.3.0-1.el6.s390x",
"6Server-optional-6.10.z:thunderbird-debuginfo-0:60.3.0-1.el6.x86_64",
"6Workstation-6.10.z:thunderbird-0:60.3.0-1.el6.i686",
"6Workstation-6.10.z:thunderbird-0:60.3.0-1.el6.ppc64",
"6Workstation-6.10.z:thunderbird-0:60.3.0-1.el6.s390x",
"6Workstation-6.10.z:thunderbird-0:60.3.0-1.el6.src",
"6Workstation-6.10.z:thunderbird-0:60.3.0-1.el6.x86_64",
"6Workstation-6.10.z:thunderbird-debuginfo-0:60.3.0-1.el6.i686",
"6Workstation-6.10.z:thunderbird-debuginfo-0:60.3.0-1.el6.ppc64",
"6Workstation-6.10.z:thunderbird-debuginfo-0:60.3.0-1.el6.s390x",
"6Workstation-6.10.z:thunderbird-debuginfo-0:60.3.0-1.el6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "Mozilla: Memory safety bugs fixed in Firefox ESR 60.3"
},
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
},
{
"names": [
"Jason Kratzer",
"Jed Davis",
"Taegeon Lee",
"Philipp",
"Ronald Crane",
"Raul Gurzau",
"Gary Kwong",
"Tyson Smith",
"Raymond Forbes",
"Bogdan Tara",
"Christian Holler",
"Bob Owen",
"Boris Zbarsky",
"Calixte Denizet"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2018-12390",
"cwe": {
"id": "CWE-120",
"name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
},
"discovery_date": "2018-10-23T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1642180"
}
],
"notes": [
{
"category": "description",
"text": "Mozilla developers and community members reported memory safety bugs present in Firefox 62 and Firefox ESR 60.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox \u003c 63, Firefox ESR \u003c 60.3, and Thunderbird \u003c 60.3.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: Memory safety bugs fixed in Firefox 63 and Firefox ESR 60.3",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-6.10.z:thunderbird-0:60.3.0-1.el6.i686",
"6Client-6.10.z:thunderbird-0:60.3.0-1.el6.ppc64",
"6Client-6.10.z:thunderbird-0:60.3.0-1.el6.s390x",
"6Client-6.10.z:thunderbird-0:60.3.0-1.el6.src",
"6Client-6.10.z:thunderbird-0:60.3.0-1.el6.x86_64",
"6Client-6.10.z:thunderbird-debuginfo-0:60.3.0-1.el6.i686",
"6Client-6.10.z:thunderbird-debuginfo-0:60.3.0-1.el6.ppc64",
"6Client-6.10.z:thunderbird-debuginfo-0:60.3.0-1.el6.s390x",
"6Client-6.10.z:thunderbird-debuginfo-0:60.3.0-1.el6.x86_64",
"6Server-optional-6.10.z:thunderbird-0:60.3.0-1.el6.i686",
"6Server-optional-6.10.z:thunderbird-0:60.3.0-1.el6.ppc64",
"6Server-optional-6.10.z:thunderbird-0:60.3.0-1.el6.s390x",
"6Server-optional-6.10.z:thunderbird-0:60.3.0-1.el6.src",
"6Server-optional-6.10.z:thunderbird-0:60.3.0-1.el6.x86_64",
"6Server-optional-6.10.z:thunderbird-debuginfo-0:60.3.0-1.el6.i686",
"6Server-optional-6.10.z:thunderbird-debuginfo-0:60.3.0-1.el6.ppc64",
"6Server-optional-6.10.z:thunderbird-debuginfo-0:60.3.0-1.el6.s390x",
"6Server-optional-6.10.z:thunderbird-debuginfo-0:60.3.0-1.el6.x86_64",
"6Workstation-6.10.z:thunderbird-0:60.3.0-1.el6.i686",
"6Workstation-6.10.z:thunderbird-0:60.3.0-1.el6.ppc64",
"6Workstation-6.10.z:thunderbird-0:60.3.0-1.el6.s390x",
"6Workstation-6.10.z:thunderbird-0:60.3.0-1.el6.src",
"6Workstation-6.10.z:thunderbird-0:60.3.0-1.el6.x86_64",
"6Workstation-6.10.z:thunderbird-debuginfo-0:60.3.0-1.el6.i686",
"6Workstation-6.10.z:thunderbird-debuginfo-0:60.3.0-1.el6.ppc64",
"6Workstation-6.10.z:thunderbird-debuginfo-0:60.3.0-1.el6.s390x",
"6Workstation-6.10.z:thunderbird-debuginfo-0:60.3.0-1.el6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-12390"
},
{
"category": "external",
"summary": "RHBZ#1642180",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1642180"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-12390",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12390"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-12390",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-12390"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2018-27/#CVE-2018-12390",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2018-27/#CVE-2018-12390"
}
],
"release_date": "2018-10-23T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2018-11-09T11:54:03+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAll running instances of Thunderbird must be restarted for the update to take effect.",
"product_ids": [
"6Client-6.10.z:thunderbird-0:60.3.0-1.el6.i686",
"6Client-6.10.z:thunderbird-0:60.3.0-1.el6.ppc64",
"6Client-6.10.z:thunderbird-0:60.3.0-1.el6.s390x",
"6Client-6.10.z:thunderbird-0:60.3.0-1.el6.src",
"6Client-6.10.z:thunderbird-0:60.3.0-1.el6.x86_64",
"6Client-6.10.z:thunderbird-debuginfo-0:60.3.0-1.el6.i686",
"6Client-6.10.z:thunderbird-debuginfo-0:60.3.0-1.el6.ppc64",
"6Client-6.10.z:thunderbird-debuginfo-0:60.3.0-1.el6.s390x",
"6Client-6.10.z:thunderbird-debuginfo-0:60.3.0-1.el6.x86_64",
"6Server-optional-6.10.z:thunderbird-0:60.3.0-1.el6.i686",
"6Server-optional-6.10.z:thunderbird-0:60.3.0-1.el6.ppc64",
"6Server-optional-6.10.z:thunderbird-0:60.3.0-1.el6.s390x",
"6Server-optional-6.10.z:thunderbird-0:60.3.0-1.el6.src",
"6Server-optional-6.10.z:thunderbird-0:60.3.0-1.el6.x86_64",
"6Server-optional-6.10.z:thunderbird-debuginfo-0:60.3.0-1.el6.i686",
"6Server-optional-6.10.z:thunderbird-debuginfo-0:60.3.0-1.el6.ppc64",
"6Server-optional-6.10.z:thunderbird-debuginfo-0:60.3.0-1.el6.s390x",
"6Server-optional-6.10.z:thunderbird-debuginfo-0:60.3.0-1.el6.x86_64",
"6Workstation-6.10.z:thunderbird-0:60.3.0-1.el6.i686",
"6Workstation-6.10.z:thunderbird-0:60.3.0-1.el6.ppc64",
"6Workstation-6.10.z:thunderbird-0:60.3.0-1.el6.s390x",
"6Workstation-6.10.z:thunderbird-0:60.3.0-1.el6.src",
"6Workstation-6.10.z:thunderbird-0:60.3.0-1.el6.x86_64",
"6Workstation-6.10.z:thunderbird-debuginfo-0:60.3.0-1.el6.i686",
"6Workstation-6.10.z:thunderbird-debuginfo-0:60.3.0-1.el6.ppc64",
"6Workstation-6.10.z:thunderbird-debuginfo-0:60.3.0-1.el6.s390x",
"6Workstation-6.10.z:thunderbird-debuginfo-0:60.3.0-1.el6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2018:3531"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"6Client-6.10.z:thunderbird-0:60.3.0-1.el6.i686",
"6Client-6.10.z:thunderbird-0:60.3.0-1.el6.ppc64",
"6Client-6.10.z:thunderbird-0:60.3.0-1.el6.s390x",
"6Client-6.10.z:thunderbird-0:60.3.0-1.el6.src",
"6Client-6.10.z:thunderbird-0:60.3.0-1.el6.x86_64",
"6Client-6.10.z:thunderbird-debuginfo-0:60.3.0-1.el6.i686",
"6Client-6.10.z:thunderbird-debuginfo-0:60.3.0-1.el6.ppc64",
"6Client-6.10.z:thunderbird-debuginfo-0:60.3.0-1.el6.s390x",
"6Client-6.10.z:thunderbird-debuginfo-0:60.3.0-1.el6.x86_64",
"6Server-optional-6.10.z:thunderbird-0:60.3.0-1.el6.i686",
"6Server-optional-6.10.z:thunderbird-0:60.3.0-1.el6.ppc64",
"6Server-optional-6.10.z:thunderbird-0:60.3.0-1.el6.s390x",
"6Server-optional-6.10.z:thunderbird-0:60.3.0-1.el6.src",
"6Server-optional-6.10.z:thunderbird-0:60.3.0-1.el6.x86_64",
"6Server-optional-6.10.z:thunderbird-debuginfo-0:60.3.0-1.el6.i686",
"6Server-optional-6.10.z:thunderbird-debuginfo-0:60.3.0-1.el6.ppc64",
"6Server-optional-6.10.z:thunderbird-debuginfo-0:60.3.0-1.el6.s390x",
"6Server-optional-6.10.z:thunderbird-debuginfo-0:60.3.0-1.el6.x86_64",
"6Workstation-6.10.z:thunderbird-0:60.3.0-1.el6.i686",
"6Workstation-6.10.z:thunderbird-0:60.3.0-1.el6.ppc64",
"6Workstation-6.10.z:thunderbird-0:60.3.0-1.el6.s390x",
"6Workstation-6.10.z:thunderbird-0:60.3.0-1.el6.src",
"6Workstation-6.10.z:thunderbird-0:60.3.0-1.el6.x86_64",
"6Workstation-6.10.z:thunderbird-debuginfo-0:60.3.0-1.el6.i686",
"6Workstation-6.10.z:thunderbird-debuginfo-0:60.3.0-1.el6.ppc64",
"6Workstation-6.10.z:thunderbird-debuginfo-0:60.3.0-1.el6.s390x",
"6Workstation-6.10.z:thunderbird-debuginfo-0:60.3.0-1.el6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "Mozilla: Memory safety bugs fixed in Firefox 63 and Firefox ESR 60.3"
},
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
},
{
"names": [
"Nils"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2018-12392",
"cwe": {
"id": "CWE-364",
"name": "Signal Handler Race Condition"
},
"discovery_date": "2018-10-23T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1642182"
}
],
"notes": [
{
"category": "description",
"text": "When manipulating user events in nested loops while opening a document through script, it is possible to trigger a potentially exploitable crash due to poor event handling. This vulnerability affects Firefox \u003c 63, Firefox ESR \u003c 60.3, and Thunderbird \u003c 60.3.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: Crash with nested event loops",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-6.10.z:thunderbird-0:60.3.0-1.el6.i686",
"6Client-6.10.z:thunderbird-0:60.3.0-1.el6.ppc64",
"6Client-6.10.z:thunderbird-0:60.3.0-1.el6.s390x",
"6Client-6.10.z:thunderbird-0:60.3.0-1.el6.src",
"6Client-6.10.z:thunderbird-0:60.3.0-1.el6.x86_64",
"6Client-6.10.z:thunderbird-debuginfo-0:60.3.0-1.el6.i686",
"6Client-6.10.z:thunderbird-debuginfo-0:60.3.0-1.el6.ppc64",
"6Client-6.10.z:thunderbird-debuginfo-0:60.3.0-1.el6.s390x",
"6Client-6.10.z:thunderbird-debuginfo-0:60.3.0-1.el6.x86_64",
"6Server-optional-6.10.z:thunderbird-0:60.3.0-1.el6.i686",
"6Server-optional-6.10.z:thunderbird-0:60.3.0-1.el6.ppc64",
"6Server-optional-6.10.z:thunderbird-0:60.3.0-1.el6.s390x",
"6Server-optional-6.10.z:thunderbird-0:60.3.0-1.el6.src",
"6Server-optional-6.10.z:thunderbird-0:60.3.0-1.el6.x86_64",
"6Server-optional-6.10.z:thunderbird-debuginfo-0:60.3.0-1.el6.i686",
"6Server-optional-6.10.z:thunderbird-debuginfo-0:60.3.0-1.el6.ppc64",
"6Server-optional-6.10.z:thunderbird-debuginfo-0:60.3.0-1.el6.s390x",
"6Server-optional-6.10.z:thunderbird-debuginfo-0:60.3.0-1.el6.x86_64",
"6Workstation-6.10.z:thunderbird-0:60.3.0-1.el6.i686",
"6Workstation-6.10.z:thunderbird-0:60.3.0-1.el6.ppc64",
"6Workstation-6.10.z:thunderbird-0:60.3.0-1.el6.s390x",
"6Workstation-6.10.z:thunderbird-0:60.3.0-1.el6.src",
"6Workstation-6.10.z:thunderbird-0:60.3.0-1.el6.x86_64",
"6Workstation-6.10.z:thunderbird-debuginfo-0:60.3.0-1.el6.i686",
"6Workstation-6.10.z:thunderbird-debuginfo-0:60.3.0-1.el6.ppc64",
"6Workstation-6.10.z:thunderbird-debuginfo-0:60.3.0-1.el6.s390x",
"6Workstation-6.10.z:thunderbird-debuginfo-0:60.3.0-1.el6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-12392"
},
{
"category": "external",
"summary": "RHBZ#1642182",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1642182"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-12392",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12392"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-12392",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-12392"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2018-27/#CVE-2018-12392",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2018-27/#CVE-2018-12392"
}
],
"release_date": "2018-10-23T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2018-11-09T11:54:03+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAll running instances of Thunderbird must be restarted for the update to take effect.",
"product_ids": [
"6Client-6.10.z:thunderbird-0:60.3.0-1.el6.i686",
"6Client-6.10.z:thunderbird-0:60.3.0-1.el6.ppc64",
"6Client-6.10.z:thunderbird-0:60.3.0-1.el6.s390x",
"6Client-6.10.z:thunderbird-0:60.3.0-1.el6.src",
"6Client-6.10.z:thunderbird-0:60.3.0-1.el6.x86_64",
"6Client-6.10.z:thunderbird-debuginfo-0:60.3.0-1.el6.i686",
"6Client-6.10.z:thunderbird-debuginfo-0:60.3.0-1.el6.ppc64",
"6Client-6.10.z:thunderbird-debuginfo-0:60.3.0-1.el6.s390x",
"6Client-6.10.z:thunderbird-debuginfo-0:60.3.0-1.el6.x86_64",
"6Server-optional-6.10.z:thunderbird-0:60.3.0-1.el6.i686",
"6Server-optional-6.10.z:thunderbird-0:60.3.0-1.el6.ppc64",
"6Server-optional-6.10.z:thunderbird-0:60.3.0-1.el6.s390x",
"6Server-optional-6.10.z:thunderbird-0:60.3.0-1.el6.src",
"6Server-optional-6.10.z:thunderbird-0:60.3.0-1.el6.x86_64",
"6Server-optional-6.10.z:thunderbird-debuginfo-0:60.3.0-1.el6.i686",
"6Server-optional-6.10.z:thunderbird-debuginfo-0:60.3.0-1.el6.ppc64",
"6Server-optional-6.10.z:thunderbird-debuginfo-0:60.3.0-1.el6.s390x",
"6Server-optional-6.10.z:thunderbird-debuginfo-0:60.3.0-1.el6.x86_64",
"6Workstation-6.10.z:thunderbird-0:60.3.0-1.el6.i686",
"6Workstation-6.10.z:thunderbird-0:60.3.0-1.el6.ppc64",
"6Workstation-6.10.z:thunderbird-0:60.3.0-1.el6.s390x",
"6Workstation-6.10.z:thunderbird-0:60.3.0-1.el6.src",
"6Workstation-6.10.z:thunderbird-0:60.3.0-1.el6.x86_64",
"6Workstation-6.10.z:thunderbird-debuginfo-0:60.3.0-1.el6.i686",
"6Workstation-6.10.z:thunderbird-debuginfo-0:60.3.0-1.el6.ppc64",
"6Workstation-6.10.z:thunderbird-debuginfo-0:60.3.0-1.el6.s390x",
"6Workstation-6.10.z:thunderbird-debuginfo-0:60.3.0-1.el6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2018:3531"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"6Client-6.10.z:thunderbird-0:60.3.0-1.el6.i686",
"6Client-6.10.z:thunderbird-0:60.3.0-1.el6.ppc64",
"6Client-6.10.z:thunderbird-0:60.3.0-1.el6.s390x",
"6Client-6.10.z:thunderbird-0:60.3.0-1.el6.src",
"6Client-6.10.z:thunderbird-0:60.3.0-1.el6.x86_64",
"6Client-6.10.z:thunderbird-debuginfo-0:60.3.0-1.el6.i686",
"6Client-6.10.z:thunderbird-debuginfo-0:60.3.0-1.el6.ppc64",
"6Client-6.10.z:thunderbird-debuginfo-0:60.3.0-1.el6.s390x",
"6Client-6.10.z:thunderbird-debuginfo-0:60.3.0-1.el6.x86_64",
"6Server-optional-6.10.z:thunderbird-0:60.3.0-1.el6.i686",
"6Server-optional-6.10.z:thunderbird-0:60.3.0-1.el6.ppc64",
"6Server-optional-6.10.z:thunderbird-0:60.3.0-1.el6.s390x",
"6Server-optional-6.10.z:thunderbird-0:60.3.0-1.el6.src",
"6Server-optional-6.10.z:thunderbird-0:60.3.0-1.el6.x86_64",
"6Server-optional-6.10.z:thunderbird-debuginfo-0:60.3.0-1.el6.i686",
"6Server-optional-6.10.z:thunderbird-debuginfo-0:60.3.0-1.el6.ppc64",
"6Server-optional-6.10.z:thunderbird-debuginfo-0:60.3.0-1.el6.s390x",
"6Server-optional-6.10.z:thunderbird-debuginfo-0:60.3.0-1.el6.x86_64",
"6Workstation-6.10.z:thunderbird-0:60.3.0-1.el6.i686",
"6Workstation-6.10.z:thunderbird-0:60.3.0-1.el6.ppc64",
"6Workstation-6.10.z:thunderbird-0:60.3.0-1.el6.s390x",
"6Workstation-6.10.z:thunderbird-0:60.3.0-1.el6.src",
"6Workstation-6.10.z:thunderbird-0:60.3.0-1.el6.x86_64",
"6Workstation-6.10.z:thunderbird-debuginfo-0:60.3.0-1.el6.i686",
"6Workstation-6.10.z:thunderbird-debuginfo-0:60.3.0-1.el6.ppc64",
"6Workstation-6.10.z:thunderbird-debuginfo-0:60.3.0-1.el6.s390x",
"6Workstation-6.10.z:thunderbird-debuginfo-0:60.3.0-1.el6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "Mozilla: Crash with nested event loops"
},
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
},
{
"names": [
"R"
],
"organization": "Zero Day LLC",
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2018-12393",
"cwe": {
"id": "CWE-120",
"name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
},
"discovery_date": "2018-10-23T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1642183"
}
],
"notes": [
{
"category": "description",
"text": "A potential vulnerability was found in 32-bit builds where an integer overflow during the conversion of scripts to an internal UTF-16 representation could result in allocating a buffer too small for the conversion. This leads to a possible out-of-bounds write. *Note: 64-bit builds are not vulnerable to this issue.*. This vulnerability affects Firefox \u003c 63, Firefox ESR \u003c 60.3, and Thunderbird \u003c 60.3.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: Integer overflow during Unicode conversion while loading JavaScript",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Client-6.10.z:thunderbird-0:60.3.0-1.el6.i686",
"6Client-6.10.z:thunderbird-0:60.3.0-1.el6.ppc64",
"6Client-6.10.z:thunderbird-0:60.3.0-1.el6.s390x",
"6Client-6.10.z:thunderbird-0:60.3.0-1.el6.src",
"6Client-6.10.z:thunderbird-0:60.3.0-1.el6.x86_64",
"6Client-6.10.z:thunderbird-debuginfo-0:60.3.0-1.el6.i686",
"6Client-6.10.z:thunderbird-debuginfo-0:60.3.0-1.el6.ppc64",
"6Client-6.10.z:thunderbird-debuginfo-0:60.3.0-1.el6.s390x",
"6Client-6.10.z:thunderbird-debuginfo-0:60.3.0-1.el6.x86_64",
"6Server-optional-6.10.z:thunderbird-0:60.3.0-1.el6.i686",
"6Server-optional-6.10.z:thunderbird-0:60.3.0-1.el6.ppc64",
"6Server-optional-6.10.z:thunderbird-0:60.3.0-1.el6.s390x",
"6Server-optional-6.10.z:thunderbird-0:60.3.0-1.el6.src",
"6Server-optional-6.10.z:thunderbird-0:60.3.0-1.el6.x86_64",
"6Server-optional-6.10.z:thunderbird-debuginfo-0:60.3.0-1.el6.i686",
"6Server-optional-6.10.z:thunderbird-debuginfo-0:60.3.0-1.el6.ppc64",
"6Server-optional-6.10.z:thunderbird-debuginfo-0:60.3.0-1.el6.s390x",
"6Server-optional-6.10.z:thunderbird-debuginfo-0:60.3.0-1.el6.x86_64",
"6Workstation-6.10.z:thunderbird-0:60.3.0-1.el6.i686",
"6Workstation-6.10.z:thunderbird-0:60.3.0-1.el6.ppc64",
"6Workstation-6.10.z:thunderbird-0:60.3.0-1.el6.s390x",
"6Workstation-6.10.z:thunderbird-0:60.3.0-1.el6.src",
"6Workstation-6.10.z:thunderbird-0:60.3.0-1.el6.x86_64",
"6Workstation-6.10.z:thunderbird-debuginfo-0:60.3.0-1.el6.i686",
"6Workstation-6.10.z:thunderbird-debuginfo-0:60.3.0-1.el6.ppc64",
"6Workstation-6.10.z:thunderbird-debuginfo-0:60.3.0-1.el6.s390x",
"6Workstation-6.10.z:thunderbird-debuginfo-0:60.3.0-1.el6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-12393"
},
{
"category": "external",
"summary": "RHBZ#1642183",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1642183"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-12393",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12393"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-12393",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-12393"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2018-27/#CVE-2018-12393",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2018-27/#CVE-2018-12393"
}
],
"release_date": "2018-10-23T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2018-11-09T11:54:03+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAll running instances of Thunderbird must be restarted for the update to take effect.",
"product_ids": [
"6Client-6.10.z:thunderbird-0:60.3.0-1.el6.i686",
"6Client-6.10.z:thunderbird-0:60.3.0-1.el6.ppc64",
"6Client-6.10.z:thunderbird-0:60.3.0-1.el6.s390x",
"6Client-6.10.z:thunderbird-0:60.3.0-1.el6.src",
"6Client-6.10.z:thunderbird-0:60.3.0-1.el6.x86_64",
"6Client-6.10.z:thunderbird-debuginfo-0:60.3.0-1.el6.i686",
"6Client-6.10.z:thunderbird-debuginfo-0:60.3.0-1.el6.ppc64",
"6Client-6.10.z:thunderbird-debuginfo-0:60.3.0-1.el6.s390x",
"6Client-6.10.z:thunderbird-debuginfo-0:60.3.0-1.el6.x86_64",
"6Server-optional-6.10.z:thunderbird-0:60.3.0-1.el6.i686",
"6Server-optional-6.10.z:thunderbird-0:60.3.0-1.el6.ppc64",
"6Server-optional-6.10.z:thunderbird-0:60.3.0-1.el6.s390x",
"6Server-optional-6.10.z:thunderbird-0:60.3.0-1.el6.src",
"6Server-optional-6.10.z:thunderbird-0:60.3.0-1.el6.x86_64",
"6Server-optional-6.10.z:thunderbird-debuginfo-0:60.3.0-1.el6.i686",
"6Server-optional-6.10.z:thunderbird-debuginfo-0:60.3.0-1.el6.ppc64",
"6Server-optional-6.10.z:thunderbird-debuginfo-0:60.3.0-1.el6.s390x",
"6Server-optional-6.10.z:thunderbird-debuginfo-0:60.3.0-1.el6.x86_64",
"6Workstation-6.10.z:thunderbird-0:60.3.0-1.el6.i686",
"6Workstation-6.10.z:thunderbird-0:60.3.0-1.el6.ppc64",
"6Workstation-6.10.z:thunderbird-0:60.3.0-1.el6.s390x",
"6Workstation-6.10.z:thunderbird-0:60.3.0-1.el6.src",
"6Workstation-6.10.z:thunderbird-0:60.3.0-1.el6.x86_64",
"6Workstation-6.10.z:thunderbird-debuginfo-0:60.3.0-1.el6.i686",
"6Workstation-6.10.z:thunderbird-debuginfo-0:60.3.0-1.el6.ppc64",
"6Workstation-6.10.z:thunderbird-debuginfo-0:60.3.0-1.el6.s390x",
"6Workstation-6.10.z:thunderbird-debuginfo-0:60.3.0-1.el6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2018:3531"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"6Client-6.10.z:thunderbird-0:60.3.0-1.el6.i686",
"6Client-6.10.z:thunderbird-0:60.3.0-1.el6.ppc64",
"6Client-6.10.z:thunderbird-0:60.3.0-1.el6.s390x",
"6Client-6.10.z:thunderbird-0:60.3.0-1.el6.src",
"6Client-6.10.z:thunderbird-0:60.3.0-1.el6.x86_64",
"6Client-6.10.z:thunderbird-debuginfo-0:60.3.0-1.el6.i686",
"6Client-6.10.z:thunderbird-debuginfo-0:60.3.0-1.el6.ppc64",
"6Client-6.10.z:thunderbird-debuginfo-0:60.3.0-1.el6.s390x",
"6Client-6.10.z:thunderbird-debuginfo-0:60.3.0-1.el6.x86_64",
"6Server-optional-6.10.z:thunderbird-0:60.3.0-1.el6.i686",
"6Server-optional-6.10.z:thunderbird-0:60.3.0-1.el6.ppc64",
"6Server-optional-6.10.z:thunderbird-0:60.3.0-1.el6.s390x",
"6Server-optional-6.10.z:thunderbird-0:60.3.0-1.el6.src",
"6Server-optional-6.10.z:thunderbird-0:60.3.0-1.el6.x86_64",
"6Server-optional-6.10.z:thunderbird-debuginfo-0:60.3.0-1.el6.i686",
"6Server-optional-6.10.z:thunderbird-debuginfo-0:60.3.0-1.el6.ppc64",
"6Server-optional-6.10.z:thunderbird-debuginfo-0:60.3.0-1.el6.s390x",
"6Server-optional-6.10.z:thunderbird-debuginfo-0:60.3.0-1.el6.x86_64",
"6Workstation-6.10.z:thunderbird-0:60.3.0-1.el6.i686",
"6Workstation-6.10.z:thunderbird-0:60.3.0-1.el6.ppc64",
"6Workstation-6.10.z:thunderbird-0:60.3.0-1.el6.s390x",
"6Workstation-6.10.z:thunderbird-0:60.3.0-1.el6.src",
"6Workstation-6.10.z:thunderbird-0:60.3.0-1.el6.x86_64",
"6Workstation-6.10.z:thunderbird-debuginfo-0:60.3.0-1.el6.i686",
"6Workstation-6.10.z:thunderbird-debuginfo-0:60.3.0-1.el6.ppc64",
"6Workstation-6.10.z:thunderbird-debuginfo-0:60.3.0-1.el6.s390x",
"6Workstation-6.10.z:thunderbird-debuginfo-0:60.3.0-1.el6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "Mozilla: Integer overflow during Unicode conversion while loading JavaScript"
}
]
}
RHSA-2018:3532
Vulnerability from csaf_redhat - Published: 2018-11-09 11:54 - Updated: 2026-01-13 22:06Summary
Red Hat Security Advisory: thunderbird security update
Severity
Important
Notes
Topic: An update for thunderbird is now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: Mozilla Thunderbird is a standalone mail and newsgroup client.
This update upgrades Thunderbird to version 60.3.0.
Security Fix(es):
* Mozilla: Memory safety bugs fixed in Firefox 63 and Firefox ESR 60.3 (CVE-2018-12390)
* Mozilla: Crash with nested event loops (CVE-2018-12392)
* Mozilla: Integer overflow during Unicode conversion while loading JavaScript (CVE-2018-12393)
* Mozilla: Memory safety bugs fixed in Firefox ESR 60.3 (CVE-2018-12389)
For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
Red Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Christian Holler, Bob Owen, Boris Zbarsky, Calixte Denizet, Jason Kratzer, Jed Davis, Taegeon Lee, Philipp, Ronald Crane, Raul Gurzau, Gary Kwong, Tyson Smith, Raymond Forbes, Bogdan Tara, Nils, r, and Daniel Veditz as the original reporters.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
Mozilla developers and community members reported memory safety bugs present in Firefox ESR 60.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox ESR < 60.3 and Thunderbird < 60.3.
8.8 (High)
Affected products
Fixed
28 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Client-7.6.Z:thunderbird-0:60.3.0-1.el7_5.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client-7.6.Z:thunderbird-0:60.3.0-1.el7_5.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client-7.6.Z:thunderbird-0:60.3.0-1.el7_5.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client-7.6.Z:thunderbird-0:60.3.0-1.el7_5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client-7.6.Z:thunderbird-debuginfo-0:60.3.0-1.el7_5.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client-7.6.Z:thunderbird-debuginfo-0:60.3.0-1.el7_5.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client-7.6.Z:thunderbird-debuginfo-0:60.3.0-1.el7_5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.6.Z:thunderbird-0:60.3.0-1.el7_5.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.6.Z:thunderbird-0:60.3.0-1.el7_5.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.6.Z:thunderbird-0:60.3.0-1.el7_5.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.6.Z:thunderbird-0:60.3.0-1.el7_5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.6.Z:thunderbird-debuginfo-0:60.3.0-1.el7_5.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.6.Z:thunderbird-debuginfo-0:60.3.0-1.el7_5.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.6.Z:thunderbird-debuginfo-0:60.3.0-1.el7_5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-Alt-7.6.Z:thunderbird-0:60.3.0-1.el7_5.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-Alt-7.6.Z:thunderbird-0:60.3.0-1.el7_5.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-Alt-7.6.Z:thunderbird-0:60.3.0-1.el7_5.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-Alt-7.6.Z:thunderbird-0:60.3.0-1.el7_5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-Alt-7.6.Z:thunderbird-debuginfo-0:60.3.0-1.el7_5.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-Alt-7.6.Z:thunderbird-debuginfo-0:60.3.0-1.el7_5.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-Alt-7.6.Z:thunderbird-debuginfo-0:60.3.0-1.el7_5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-7.6.Z:thunderbird-0:60.3.0-1.el7_5.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-7.6.Z:thunderbird-0:60.3.0-1.el7_5.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-7.6.Z:thunderbird-0:60.3.0-1.el7_5.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-7.6.Z:thunderbird-0:60.3.0-1.el7_5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-7.6.Z:thunderbird-debuginfo-0:60.3.0-1.el7_5.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-7.6.Z:thunderbird-debuginfo-0:60.3.0-1.el7_5.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-7.6.Z:thunderbird-debuginfo-0:60.3.0-1.el7_5.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Low
Mozilla developers and community members reported memory safety bugs present in Firefox 62 and Firefox ESR 60.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 63, Firefox ESR < 60.3, and Thunderbird < 60.3.
9.8 (Critical)
Affected products
Fixed
28 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Client-7.6.Z:thunderbird-0:60.3.0-1.el7_5.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client-7.6.Z:thunderbird-0:60.3.0-1.el7_5.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client-7.6.Z:thunderbird-0:60.3.0-1.el7_5.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client-7.6.Z:thunderbird-0:60.3.0-1.el7_5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client-7.6.Z:thunderbird-debuginfo-0:60.3.0-1.el7_5.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client-7.6.Z:thunderbird-debuginfo-0:60.3.0-1.el7_5.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client-7.6.Z:thunderbird-debuginfo-0:60.3.0-1.el7_5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.6.Z:thunderbird-0:60.3.0-1.el7_5.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.6.Z:thunderbird-0:60.3.0-1.el7_5.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.6.Z:thunderbird-0:60.3.0-1.el7_5.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.6.Z:thunderbird-0:60.3.0-1.el7_5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.6.Z:thunderbird-debuginfo-0:60.3.0-1.el7_5.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.6.Z:thunderbird-debuginfo-0:60.3.0-1.el7_5.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.6.Z:thunderbird-debuginfo-0:60.3.0-1.el7_5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-Alt-7.6.Z:thunderbird-0:60.3.0-1.el7_5.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-Alt-7.6.Z:thunderbird-0:60.3.0-1.el7_5.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-Alt-7.6.Z:thunderbird-0:60.3.0-1.el7_5.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-Alt-7.6.Z:thunderbird-0:60.3.0-1.el7_5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-Alt-7.6.Z:thunderbird-debuginfo-0:60.3.0-1.el7_5.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-Alt-7.6.Z:thunderbird-debuginfo-0:60.3.0-1.el7_5.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-Alt-7.6.Z:thunderbird-debuginfo-0:60.3.0-1.el7_5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-7.6.Z:thunderbird-0:60.3.0-1.el7_5.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-7.6.Z:thunderbird-0:60.3.0-1.el7_5.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-7.6.Z:thunderbird-0:60.3.0-1.el7_5.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-7.6.Z:thunderbird-0:60.3.0-1.el7_5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-7.6.Z:thunderbird-debuginfo-0:60.3.0-1.el7_5.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-7.6.Z:thunderbird-debuginfo-0:60.3.0-1.el7_5.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-7.6.Z:thunderbird-debuginfo-0:60.3.0-1.el7_5.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Critical
When manipulating user events in nested loops while opening a document through script, it is possible to trigger a potentially exploitable crash due to poor event handling. This vulnerability affects Firefox < 63, Firefox ESR < 60.3, and Thunderbird < 60.3.
9.8 (Critical)
Affected products
Fixed
28 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Client-7.6.Z:thunderbird-0:60.3.0-1.el7_5.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client-7.6.Z:thunderbird-0:60.3.0-1.el7_5.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client-7.6.Z:thunderbird-0:60.3.0-1.el7_5.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client-7.6.Z:thunderbird-0:60.3.0-1.el7_5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client-7.6.Z:thunderbird-debuginfo-0:60.3.0-1.el7_5.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client-7.6.Z:thunderbird-debuginfo-0:60.3.0-1.el7_5.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client-7.6.Z:thunderbird-debuginfo-0:60.3.0-1.el7_5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.6.Z:thunderbird-0:60.3.0-1.el7_5.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.6.Z:thunderbird-0:60.3.0-1.el7_5.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.6.Z:thunderbird-0:60.3.0-1.el7_5.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.6.Z:thunderbird-0:60.3.0-1.el7_5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.6.Z:thunderbird-debuginfo-0:60.3.0-1.el7_5.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.6.Z:thunderbird-debuginfo-0:60.3.0-1.el7_5.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.6.Z:thunderbird-debuginfo-0:60.3.0-1.el7_5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-Alt-7.6.Z:thunderbird-0:60.3.0-1.el7_5.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-Alt-7.6.Z:thunderbird-0:60.3.0-1.el7_5.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-Alt-7.6.Z:thunderbird-0:60.3.0-1.el7_5.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-Alt-7.6.Z:thunderbird-0:60.3.0-1.el7_5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-Alt-7.6.Z:thunderbird-debuginfo-0:60.3.0-1.el7_5.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-Alt-7.6.Z:thunderbird-debuginfo-0:60.3.0-1.el7_5.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-Alt-7.6.Z:thunderbird-debuginfo-0:60.3.0-1.el7_5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-7.6.Z:thunderbird-0:60.3.0-1.el7_5.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-7.6.Z:thunderbird-0:60.3.0-1.el7_5.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-7.6.Z:thunderbird-0:60.3.0-1.el7_5.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-7.6.Z:thunderbird-0:60.3.0-1.el7_5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-7.6.Z:thunderbird-debuginfo-0:60.3.0-1.el7_5.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-7.6.Z:thunderbird-debuginfo-0:60.3.0-1.el7_5.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-7.6.Z:thunderbird-debuginfo-0:60.3.0-1.el7_5.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Important
A potential vulnerability was found in 32-bit builds where an integer overflow during the conversion of scripts to an internal UTF-16 representation could result in allocating a buffer too small for the conversion. This leads to a possible out-of-bounds write. *Note: 64-bit builds are not vulnerable to this issue.*. This vulnerability affects Firefox < 63, Firefox ESR < 60.3, and Thunderbird < 60.3.
7.5 (High)
Affected products
Fixed
28 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Client-7.6.Z:thunderbird-0:60.3.0-1.el7_5.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client-7.6.Z:thunderbird-0:60.3.0-1.el7_5.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client-7.6.Z:thunderbird-0:60.3.0-1.el7_5.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client-7.6.Z:thunderbird-0:60.3.0-1.el7_5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client-7.6.Z:thunderbird-debuginfo-0:60.3.0-1.el7_5.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client-7.6.Z:thunderbird-debuginfo-0:60.3.0-1.el7_5.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client-7.6.Z:thunderbird-debuginfo-0:60.3.0-1.el7_5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.6.Z:thunderbird-0:60.3.0-1.el7_5.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.6.Z:thunderbird-0:60.3.0-1.el7_5.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.6.Z:thunderbird-0:60.3.0-1.el7_5.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.6.Z:thunderbird-0:60.3.0-1.el7_5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.6.Z:thunderbird-debuginfo-0:60.3.0-1.el7_5.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.6.Z:thunderbird-debuginfo-0:60.3.0-1.el7_5.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.6.Z:thunderbird-debuginfo-0:60.3.0-1.el7_5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-Alt-7.6.Z:thunderbird-0:60.3.0-1.el7_5.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-Alt-7.6.Z:thunderbird-0:60.3.0-1.el7_5.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-Alt-7.6.Z:thunderbird-0:60.3.0-1.el7_5.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-Alt-7.6.Z:thunderbird-0:60.3.0-1.el7_5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-Alt-7.6.Z:thunderbird-debuginfo-0:60.3.0-1.el7_5.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-Alt-7.6.Z:thunderbird-debuginfo-0:60.3.0-1.el7_5.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-Alt-7.6.Z:thunderbird-debuginfo-0:60.3.0-1.el7_5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-7.6.Z:thunderbird-0:60.3.0-1.el7_5.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-7.6.Z:thunderbird-0:60.3.0-1.el7_5.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-7.6.Z:thunderbird-0:60.3.0-1.el7_5.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-7.6.Z:thunderbird-0:60.3.0-1.el7_5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-7.6.Z:thunderbird-debuginfo-0:60.3.0-1.el7_5.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-7.6.Z:thunderbird-debuginfo-0:60.3.0-1.el7_5.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-7.6.Z:thunderbird-debuginfo-0:60.3.0-1.el7_5.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Important
References
27 references
Acknowledgments
the Mozilla project
Daniel Veditz
Philipp
Jason Kratzer
Jed Davis
Taegeon Lee
Philipp
Ronald Crane
Raul Gurzau
Gary Kwong
Tyson Smith
Raymond Forbes
Bogdan Tara
Christian Holler
Bob Owen
Boris Zbarsky
Calixte Denizet
Nils
Zero Day LLC
R
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for thunderbird is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Mozilla Thunderbird is a standalone mail and newsgroup client.\n\nThis update upgrades Thunderbird to version 60.3.0.\n\nSecurity Fix(es):\n\n* Mozilla: Memory safety bugs fixed in Firefox 63 and Firefox ESR 60.3 (CVE-2018-12390)\n\n* Mozilla: Crash with nested event loops (CVE-2018-12392)\n\n* Mozilla: Integer overflow during Unicode conversion while loading JavaScript (CVE-2018-12393)\n\n* Mozilla: Memory safety bugs fixed in Firefox ESR 60.3 (CVE-2018-12389)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.\n\nRed Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Christian Holler, Bob Owen, Boris Zbarsky, Calixte Denizet, Jason Kratzer, Jed Davis, Taegeon Lee, Philipp, Ronald Crane, Raul Gurzau, Gary Kwong, Tyson Smith, Raymond Forbes, Bogdan Tara, Nils, r, and Daniel Veditz as the original reporters.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2018:3532",
"url": "https://access.redhat.com/errata/RHSA-2018:3532"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "1642179",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1642179"
},
{
"category": "external",
"summary": "1642180",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1642180"
},
{
"category": "external",
"summary": "1642182",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1642182"
},
{
"category": "external",
"summary": "1642183",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1642183"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2018/rhsa-2018_3532.json"
}
],
"title": "Red Hat Security Advisory: thunderbird security update",
"tracking": {
"current_release_date": "2026-01-13T22:06:40+00:00",
"generator": {
"date": "2026-01-13T22:06:40+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.15"
}
},
"id": "RHSA-2018:3532",
"initial_release_date": "2018-11-09T11:54:17+00:00",
"revision_history": [
{
"date": "2018-11-09T11:54:17+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2018-11-09T11:54:17+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-01-13T22:06:40+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Client (v. 7)",
"product": {
"name": "Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.6.Z",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:7::client"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Server Optional (v. 7)",
"product": {
"name": "Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.6.Z",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:7::server"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7)",
"product": {
"name": "Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7)",
"product_id": "7Server-optional-Alt-7.6.Z",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:7::server"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Workstation (v. 7)",
"product": {
"name": "Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.6.Z",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:7::workstation"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "thunderbird-0:60.3.0-1.el7_5.x86_64",
"product": {
"name": "thunderbird-0:60.3.0-1.el7_5.x86_64",
"product_id": "thunderbird-0:60.3.0-1.el7_5.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/thunderbird@60.3.0-1.el7_5?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "thunderbird-debuginfo-0:60.3.0-1.el7_5.x86_64",
"product": {
"name": "thunderbird-debuginfo-0:60.3.0-1.el7_5.x86_64",
"product_id": "thunderbird-debuginfo-0:60.3.0-1.el7_5.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/thunderbird-debuginfo@60.3.0-1.el7_5?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "thunderbird-0:60.3.0-1.el7_5.src",
"product": {
"name": "thunderbird-0:60.3.0-1.el7_5.src",
"product_id": "thunderbird-0:60.3.0-1.el7_5.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/thunderbird@60.3.0-1.el7_5?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "thunderbird-0:60.3.0-1.el7_5.ppc64le",
"product": {
"name": "thunderbird-0:60.3.0-1.el7_5.ppc64le",
"product_id": "thunderbird-0:60.3.0-1.el7_5.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/thunderbird@60.3.0-1.el7_5?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "thunderbird-debuginfo-0:60.3.0-1.el7_5.ppc64le",
"product": {
"name": "thunderbird-debuginfo-0:60.3.0-1.el7_5.ppc64le",
"product_id": "thunderbird-debuginfo-0:60.3.0-1.el7_5.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/thunderbird-debuginfo@60.3.0-1.el7_5?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "thunderbird-0:60.3.0-1.el7_5.aarch64",
"product": {
"name": "thunderbird-0:60.3.0-1.el7_5.aarch64",
"product_id": "thunderbird-0:60.3.0-1.el7_5.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/thunderbird@60.3.0-1.el7_5?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "thunderbird-debuginfo-0:60.3.0-1.el7_5.aarch64",
"product": {
"name": "thunderbird-debuginfo-0:60.3.0-1.el7_5.aarch64",
"product_id": "thunderbird-debuginfo-0:60.3.0-1.el7_5.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/thunderbird-debuginfo@60.3.0-1.el7_5?arch=aarch64"
}
}
}
],
"category": "architecture",
"name": "aarch64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-0:60.3.0-1.el7_5.aarch64 as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.6.Z:thunderbird-0:60.3.0-1.el7_5.aarch64"
},
"product_reference": "thunderbird-0:60.3.0-1.el7_5.aarch64",
"relates_to_product_reference": "7Client-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-0:60.3.0-1.el7_5.ppc64le as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.6.Z:thunderbird-0:60.3.0-1.el7_5.ppc64le"
},
"product_reference": "thunderbird-0:60.3.0-1.el7_5.ppc64le",
"relates_to_product_reference": "7Client-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-0:60.3.0-1.el7_5.src as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.6.Z:thunderbird-0:60.3.0-1.el7_5.src"
},
"product_reference": "thunderbird-0:60.3.0-1.el7_5.src",
"relates_to_product_reference": "7Client-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-0:60.3.0-1.el7_5.x86_64 as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.6.Z:thunderbird-0:60.3.0-1.el7_5.x86_64"
},
"product_reference": "thunderbird-0:60.3.0-1.el7_5.x86_64",
"relates_to_product_reference": "7Client-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-debuginfo-0:60.3.0-1.el7_5.aarch64 as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.6.Z:thunderbird-debuginfo-0:60.3.0-1.el7_5.aarch64"
},
"product_reference": "thunderbird-debuginfo-0:60.3.0-1.el7_5.aarch64",
"relates_to_product_reference": "7Client-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-debuginfo-0:60.3.0-1.el7_5.ppc64le as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.6.Z:thunderbird-debuginfo-0:60.3.0-1.el7_5.ppc64le"
},
"product_reference": "thunderbird-debuginfo-0:60.3.0-1.el7_5.ppc64le",
"relates_to_product_reference": "7Client-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-debuginfo-0:60.3.0-1.el7_5.x86_64 as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.6.Z:thunderbird-debuginfo-0:60.3.0-1.el7_5.x86_64"
},
"product_reference": "thunderbird-debuginfo-0:60.3.0-1.el7_5.x86_64",
"relates_to_product_reference": "7Client-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-0:60.3.0-1.el7_5.aarch64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.6.Z:thunderbird-0:60.3.0-1.el7_5.aarch64"
},
"product_reference": "thunderbird-0:60.3.0-1.el7_5.aarch64",
"relates_to_product_reference": "7Server-optional-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-0:60.3.0-1.el7_5.ppc64le as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.6.Z:thunderbird-0:60.3.0-1.el7_5.ppc64le"
},
"product_reference": "thunderbird-0:60.3.0-1.el7_5.ppc64le",
"relates_to_product_reference": "7Server-optional-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-0:60.3.0-1.el7_5.src as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.6.Z:thunderbird-0:60.3.0-1.el7_5.src"
},
"product_reference": "thunderbird-0:60.3.0-1.el7_5.src",
"relates_to_product_reference": "7Server-optional-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-0:60.3.0-1.el7_5.x86_64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.6.Z:thunderbird-0:60.3.0-1.el7_5.x86_64"
},
"product_reference": "thunderbird-0:60.3.0-1.el7_5.x86_64",
"relates_to_product_reference": "7Server-optional-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-debuginfo-0:60.3.0-1.el7_5.aarch64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.6.Z:thunderbird-debuginfo-0:60.3.0-1.el7_5.aarch64"
},
"product_reference": "thunderbird-debuginfo-0:60.3.0-1.el7_5.aarch64",
"relates_to_product_reference": "7Server-optional-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-debuginfo-0:60.3.0-1.el7_5.ppc64le as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.6.Z:thunderbird-debuginfo-0:60.3.0-1.el7_5.ppc64le"
},
"product_reference": "thunderbird-debuginfo-0:60.3.0-1.el7_5.ppc64le",
"relates_to_product_reference": "7Server-optional-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-debuginfo-0:60.3.0-1.el7_5.x86_64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.6.Z:thunderbird-debuginfo-0:60.3.0-1.el7_5.x86_64"
},
"product_reference": "thunderbird-debuginfo-0:60.3.0-1.el7_5.x86_64",
"relates_to_product_reference": "7Server-optional-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-0:60.3.0-1.el7_5.aarch64 as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7)",
"product_id": "7Server-optional-Alt-7.6.Z:thunderbird-0:60.3.0-1.el7_5.aarch64"
},
"product_reference": "thunderbird-0:60.3.0-1.el7_5.aarch64",
"relates_to_product_reference": "7Server-optional-Alt-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-0:60.3.0-1.el7_5.ppc64le as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7)",
"product_id": "7Server-optional-Alt-7.6.Z:thunderbird-0:60.3.0-1.el7_5.ppc64le"
},
"product_reference": "thunderbird-0:60.3.0-1.el7_5.ppc64le",
"relates_to_product_reference": "7Server-optional-Alt-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-0:60.3.0-1.el7_5.src as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7)",
"product_id": "7Server-optional-Alt-7.6.Z:thunderbird-0:60.3.0-1.el7_5.src"
},
"product_reference": "thunderbird-0:60.3.0-1.el7_5.src",
"relates_to_product_reference": "7Server-optional-Alt-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-0:60.3.0-1.el7_5.x86_64 as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7)",
"product_id": "7Server-optional-Alt-7.6.Z:thunderbird-0:60.3.0-1.el7_5.x86_64"
},
"product_reference": "thunderbird-0:60.3.0-1.el7_5.x86_64",
"relates_to_product_reference": "7Server-optional-Alt-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-debuginfo-0:60.3.0-1.el7_5.aarch64 as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7)",
"product_id": "7Server-optional-Alt-7.6.Z:thunderbird-debuginfo-0:60.3.0-1.el7_5.aarch64"
},
"product_reference": "thunderbird-debuginfo-0:60.3.0-1.el7_5.aarch64",
"relates_to_product_reference": "7Server-optional-Alt-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-debuginfo-0:60.3.0-1.el7_5.ppc64le as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7)",
"product_id": "7Server-optional-Alt-7.6.Z:thunderbird-debuginfo-0:60.3.0-1.el7_5.ppc64le"
},
"product_reference": "thunderbird-debuginfo-0:60.3.0-1.el7_5.ppc64le",
"relates_to_product_reference": "7Server-optional-Alt-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-debuginfo-0:60.3.0-1.el7_5.x86_64 as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7)",
"product_id": "7Server-optional-Alt-7.6.Z:thunderbird-debuginfo-0:60.3.0-1.el7_5.x86_64"
},
"product_reference": "thunderbird-debuginfo-0:60.3.0-1.el7_5.x86_64",
"relates_to_product_reference": "7Server-optional-Alt-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-0:60.3.0-1.el7_5.aarch64 as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.6.Z:thunderbird-0:60.3.0-1.el7_5.aarch64"
},
"product_reference": "thunderbird-0:60.3.0-1.el7_5.aarch64",
"relates_to_product_reference": "7Workstation-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-0:60.3.0-1.el7_5.ppc64le as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.6.Z:thunderbird-0:60.3.0-1.el7_5.ppc64le"
},
"product_reference": "thunderbird-0:60.3.0-1.el7_5.ppc64le",
"relates_to_product_reference": "7Workstation-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-0:60.3.0-1.el7_5.src as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.6.Z:thunderbird-0:60.3.0-1.el7_5.src"
},
"product_reference": "thunderbird-0:60.3.0-1.el7_5.src",
"relates_to_product_reference": "7Workstation-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-0:60.3.0-1.el7_5.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.6.Z:thunderbird-0:60.3.0-1.el7_5.x86_64"
},
"product_reference": "thunderbird-0:60.3.0-1.el7_5.x86_64",
"relates_to_product_reference": "7Workstation-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-debuginfo-0:60.3.0-1.el7_5.aarch64 as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.6.Z:thunderbird-debuginfo-0:60.3.0-1.el7_5.aarch64"
},
"product_reference": "thunderbird-debuginfo-0:60.3.0-1.el7_5.aarch64",
"relates_to_product_reference": "7Workstation-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-debuginfo-0:60.3.0-1.el7_5.ppc64le as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.6.Z:thunderbird-debuginfo-0:60.3.0-1.el7_5.ppc64le"
},
"product_reference": "thunderbird-debuginfo-0:60.3.0-1.el7_5.ppc64le",
"relates_to_product_reference": "7Workstation-7.6.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-debuginfo-0:60.3.0-1.el7_5.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.6.Z:thunderbird-debuginfo-0:60.3.0-1.el7_5.x86_64"
},
"product_reference": "thunderbird-debuginfo-0:60.3.0-1.el7_5.x86_64",
"relates_to_product_reference": "7Workstation-7.6.Z"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
},
{
"names": [
"Daniel Veditz",
"Philipp"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2018-12389",
"cwe": {
"id": "CWE-120",
"name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
},
"discovery_date": "2018-10-23T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1642179"
}
],
"notes": [
{
"category": "description",
"text": "Mozilla developers and community members reported memory safety bugs present in Firefox ESR 60.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox ESR \u003c 60.3 and Thunderbird \u003c 60.3.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: Memory safety bugs fixed in Firefox ESR 60.3",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Client-7.6.Z:thunderbird-0:60.3.0-1.el7_5.aarch64",
"7Client-7.6.Z:thunderbird-0:60.3.0-1.el7_5.ppc64le",
"7Client-7.6.Z:thunderbird-0:60.3.0-1.el7_5.src",
"7Client-7.6.Z:thunderbird-0:60.3.0-1.el7_5.x86_64",
"7Client-7.6.Z:thunderbird-debuginfo-0:60.3.0-1.el7_5.aarch64",
"7Client-7.6.Z:thunderbird-debuginfo-0:60.3.0-1.el7_5.ppc64le",
"7Client-7.6.Z:thunderbird-debuginfo-0:60.3.0-1.el7_5.x86_64",
"7Server-optional-7.6.Z:thunderbird-0:60.3.0-1.el7_5.aarch64",
"7Server-optional-7.6.Z:thunderbird-0:60.3.0-1.el7_5.ppc64le",
"7Server-optional-7.6.Z:thunderbird-0:60.3.0-1.el7_5.src",
"7Server-optional-7.6.Z:thunderbird-0:60.3.0-1.el7_5.x86_64",
"7Server-optional-7.6.Z:thunderbird-debuginfo-0:60.3.0-1.el7_5.aarch64",
"7Server-optional-7.6.Z:thunderbird-debuginfo-0:60.3.0-1.el7_5.ppc64le",
"7Server-optional-7.6.Z:thunderbird-debuginfo-0:60.3.0-1.el7_5.x86_64",
"7Server-optional-Alt-7.6.Z:thunderbird-0:60.3.0-1.el7_5.aarch64",
"7Server-optional-Alt-7.6.Z:thunderbird-0:60.3.0-1.el7_5.ppc64le",
"7Server-optional-Alt-7.6.Z:thunderbird-0:60.3.0-1.el7_5.src",
"7Server-optional-Alt-7.6.Z:thunderbird-0:60.3.0-1.el7_5.x86_64",
"7Server-optional-Alt-7.6.Z:thunderbird-debuginfo-0:60.3.0-1.el7_5.aarch64",
"7Server-optional-Alt-7.6.Z:thunderbird-debuginfo-0:60.3.0-1.el7_5.ppc64le",
"7Server-optional-Alt-7.6.Z:thunderbird-debuginfo-0:60.3.0-1.el7_5.x86_64",
"7Workstation-7.6.Z:thunderbird-0:60.3.0-1.el7_5.aarch64",
"7Workstation-7.6.Z:thunderbird-0:60.3.0-1.el7_5.ppc64le",
"7Workstation-7.6.Z:thunderbird-0:60.3.0-1.el7_5.src",
"7Workstation-7.6.Z:thunderbird-0:60.3.0-1.el7_5.x86_64",
"7Workstation-7.6.Z:thunderbird-debuginfo-0:60.3.0-1.el7_5.aarch64",
"7Workstation-7.6.Z:thunderbird-debuginfo-0:60.3.0-1.el7_5.ppc64le",
"7Workstation-7.6.Z:thunderbird-debuginfo-0:60.3.0-1.el7_5.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-12389"
},
{
"category": "external",
"summary": "RHBZ#1642179",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1642179"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-12389",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12389"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-12389",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-12389"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2018-27/#CVE-2018-12389",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2018-27/#CVE-2018-12389"
}
],
"release_date": "2018-10-23T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2018-11-09T11:54:17+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAll running instances of Thunderbird must be restarted for the update to take effect.",
"product_ids": [
"7Client-7.6.Z:thunderbird-0:60.3.0-1.el7_5.aarch64",
"7Client-7.6.Z:thunderbird-0:60.3.0-1.el7_5.ppc64le",
"7Client-7.6.Z:thunderbird-0:60.3.0-1.el7_5.src",
"7Client-7.6.Z:thunderbird-0:60.3.0-1.el7_5.x86_64",
"7Client-7.6.Z:thunderbird-debuginfo-0:60.3.0-1.el7_5.aarch64",
"7Client-7.6.Z:thunderbird-debuginfo-0:60.3.0-1.el7_5.ppc64le",
"7Client-7.6.Z:thunderbird-debuginfo-0:60.3.0-1.el7_5.x86_64",
"7Server-optional-7.6.Z:thunderbird-0:60.3.0-1.el7_5.aarch64",
"7Server-optional-7.6.Z:thunderbird-0:60.3.0-1.el7_5.ppc64le",
"7Server-optional-7.6.Z:thunderbird-0:60.3.0-1.el7_5.src",
"7Server-optional-7.6.Z:thunderbird-0:60.3.0-1.el7_5.x86_64",
"7Server-optional-7.6.Z:thunderbird-debuginfo-0:60.3.0-1.el7_5.aarch64",
"7Server-optional-7.6.Z:thunderbird-debuginfo-0:60.3.0-1.el7_5.ppc64le",
"7Server-optional-7.6.Z:thunderbird-debuginfo-0:60.3.0-1.el7_5.x86_64",
"7Server-optional-Alt-7.6.Z:thunderbird-0:60.3.0-1.el7_5.aarch64",
"7Server-optional-Alt-7.6.Z:thunderbird-0:60.3.0-1.el7_5.ppc64le",
"7Server-optional-Alt-7.6.Z:thunderbird-0:60.3.0-1.el7_5.src",
"7Server-optional-Alt-7.6.Z:thunderbird-0:60.3.0-1.el7_5.x86_64",
"7Server-optional-Alt-7.6.Z:thunderbird-debuginfo-0:60.3.0-1.el7_5.aarch64",
"7Server-optional-Alt-7.6.Z:thunderbird-debuginfo-0:60.3.0-1.el7_5.ppc64le",
"7Server-optional-Alt-7.6.Z:thunderbird-debuginfo-0:60.3.0-1.el7_5.x86_64",
"7Workstation-7.6.Z:thunderbird-0:60.3.0-1.el7_5.aarch64",
"7Workstation-7.6.Z:thunderbird-0:60.3.0-1.el7_5.ppc64le",
"7Workstation-7.6.Z:thunderbird-0:60.3.0-1.el7_5.src",
"7Workstation-7.6.Z:thunderbird-0:60.3.0-1.el7_5.x86_64",
"7Workstation-7.6.Z:thunderbird-debuginfo-0:60.3.0-1.el7_5.aarch64",
"7Workstation-7.6.Z:thunderbird-debuginfo-0:60.3.0-1.el7_5.ppc64le",
"7Workstation-7.6.Z:thunderbird-debuginfo-0:60.3.0-1.el7_5.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2018:3532"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"7Client-7.6.Z:thunderbird-0:60.3.0-1.el7_5.aarch64",
"7Client-7.6.Z:thunderbird-0:60.3.0-1.el7_5.ppc64le",
"7Client-7.6.Z:thunderbird-0:60.3.0-1.el7_5.src",
"7Client-7.6.Z:thunderbird-0:60.3.0-1.el7_5.x86_64",
"7Client-7.6.Z:thunderbird-debuginfo-0:60.3.0-1.el7_5.aarch64",
"7Client-7.6.Z:thunderbird-debuginfo-0:60.3.0-1.el7_5.ppc64le",
"7Client-7.6.Z:thunderbird-debuginfo-0:60.3.0-1.el7_5.x86_64",
"7Server-optional-7.6.Z:thunderbird-0:60.3.0-1.el7_5.aarch64",
"7Server-optional-7.6.Z:thunderbird-0:60.3.0-1.el7_5.ppc64le",
"7Server-optional-7.6.Z:thunderbird-0:60.3.0-1.el7_5.src",
"7Server-optional-7.6.Z:thunderbird-0:60.3.0-1.el7_5.x86_64",
"7Server-optional-7.6.Z:thunderbird-debuginfo-0:60.3.0-1.el7_5.aarch64",
"7Server-optional-7.6.Z:thunderbird-debuginfo-0:60.3.0-1.el7_5.ppc64le",
"7Server-optional-7.6.Z:thunderbird-debuginfo-0:60.3.0-1.el7_5.x86_64",
"7Server-optional-Alt-7.6.Z:thunderbird-0:60.3.0-1.el7_5.aarch64",
"7Server-optional-Alt-7.6.Z:thunderbird-0:60.3.0-1.el7_5.ppc64le",
"7Server-optional-Alt-7.6.Z:thunderbird-0:60.3.0-1.el7_5.src",
"7Server-optional-Alt-7.6.Z:thunderbird-0:60.3.0-1.el7_5.x86_64",
"7Server-optional-Alt-7.6.Z:thunderbird-debuginfo-0:60.3.0-1.el7_5.aarch64",
"7Server-optional-Alt-7.6.Z:thunderbird-debuginfo-0:60.3.0-1.el7_5.ppc64le",
"7Server-optional-Alt-7.6.Z:thunderbird-debuginfo-0:60.3.0-1.el7_5.x86_64",
"7Workstation-7.6.Z:thunderbird-0:60.3.0-1.el7_5.aarch64",
"7Workstation-7.6.Z:thunderbird-0:60.3.0-1.el7_5.ppc64le",
"7Workstation-7.6.Z:thunderbird-0:60.3.0-1.el7_5.src",
"7Workstation-7.6.Z:thunderbird-0:60.3.0-1.el7_5.x86_64",
"7Workstation-7.6.Z:thunderbird-debuginfo-0:60.3.0-1.el7_5.aarch64",
"7Workstation-7.6.Z:thunderbird-debuginfo-0:60.3.0-1.el7_5.ppc64le",
"7Workstation-7.6.Z:thunderbird-debuginfo-0:60.3.0-1.el7_5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "Mozilla: Memory safety bugs fixed in Firefox ESR 60.3"
},
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
},
{
"names": [
"Jason Kratzer",
"Jed Davis",
"Taegeon Lee",
"Philipp",
"Ronald Crane",
"Raul Gurzau",
"Gary Kwong",
"Tyson Smith",
"Raymond Forbes",
"Bogdan Tara",
"Christian Holler",
"Bob Owen",
"Boris Zbarsky",
"Calixte Denizet"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2018-12390",
"cwe": {
"id": "CWE-120",
"name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
},
"discovery_date": "2018-10-23T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1642180"
}
],
"notes": [
{
"category": "description",
"text": "Mozilla developers and community members reported memory safety bugs present in Firefox 62 and Firefox ESR 60.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox \u003c 63, Firefox ESR \u003c 60.3, and Thunderbird \u003c 60.3.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: Memory safety bugs fixed in Firefox 63 and Firefox ESR 60.3",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Client-7.6.Z:thunderbird-0:60.3.0-1.el7_5.aarch64",
"7Client-7.6.Z:thunderbird-0:60.3.0-1.el7_5.ppc64le",
"7Client-7.6.Z:thunderbird-0:60.3.0-1.el7_5.src",
"7Client-7.6.Z:thunderbird-0:60.3.0-1.el7_5.x86_64",
"7Client-7.6.Z:thunderbird-debuginfo-0:60.3.0-1.el7_5.aarch64",
"7Client-7.6.Z:thunderbird-debuginfo-0:60.3.0-1.el7_5.ppc64le",
"7Client-7.6.Z:thunderbird-debuginfo-0:60.3.0-1.el7_5.x86_64",
"7Server-optional-7.6.Z:thunderbird-0:60.3.0-1.el7_5.aarch64",
"7Server-optional-7.6.Z:thunderbird-0:60.3.0-1.el7_5.ppc64le",
"7Server-optional-7.6.Z:thunderbird-0:60.3.0-1.el7_5.src",
"7Server-optional-7.6.Z:thunderbird-0:60.3.0-1.el7_5.x86_64",
"7Server-optional-7.6.Z:thunderbird-debuginfo-0:60.3.0-1.el7_5.aarch64",
"7Server-optional-7.6.Z:thunderbird-debuginfo-0:60.3.0-1.el7_5.ppc64le",
"7Server-optional-7.6.Z:thunderbird-debuginfo-0:60.3.0-1.el7_5.x86_64",
"7Server-optional-Alt-7.6.Z:thunderbird-0:60.3.0-1.el7_5.aarch64",
"7Server-optional-Alt-7.6.Z:thunderbird-0:60.3.0-1.el7_5.ppc64le",
"7Server-optional-Alt-7.6.Z:thunderbird-0:60.3.0-1.el7_5.src",
"7Server-optional-Alt-7.6.Z:thunderbird-0:60.3.0-1.el7_5.x86_64",
"7Server-optional-Alt-7.6.Z:thunderbird-debuginfo-0:60.3.0-1.el7_5.aarch64",
"7Server-optional-Alt-7.6.Z:thunderbird-debuginfo-0:60.3.0-1.el7_5.ppc64le",
"7Server-optional-Alt-7.6.Z:thunderbird-debuginfo-0:60.3.0-1.el7_5.x86_64",
"7Workstation-7.6.Z:thunderbird-0:60.3.0-1.el7_5.aarch64",
"7Workstation-7.6.Z:thunderbird-0:60.3.0-1.el7_5.ppc64le",
"7Workstation-7.6.Z:thunderbird-0:60.3.0-1.el7_5.src",
"7Workstation-7.6.Z:thunderbird-0:60.3.0-1.el7_5.x86_64",
"7Workstation-7.6.Z:thunderbird-debuginfo-0:60.3.0-1.el7_5.aarch64",
"7Workstation-7.6.Z:thunderbird-debuginfo-0:60.3.0-1.el7_5.ppc64le",
"7Workstation-7.6.Z:thunderbird-debuginfo-0:60.3.0-1.el7_5.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-12390"
},
{
"category": "external",
"summary": "RHBZ#1642180",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1642180"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-12390",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12390"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-12390",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-12390"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2018-27/#CVE-2018-12390",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2018-27/#CVE-2018-12390"
}
],
"release_date": "2018-10-23T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2018-11-09T11:54:17+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAll running instances of Thunderbird must be restarted for the update to take effect.",
"product_ids": [
"7Client-7.6.Z:thunderbird-0:60.3.0-1.el7_5.aarch64",
"7Client-7.6.Z:thunderbird-0:60.3.0-1.el7_5.ppc64le",
"7Client-7.6.Z:thunderbird-0:60.3.0-1.el7_5.src",
"7Client-7.6.Z:thunderbird-0:60.3.0-1.el7_5.x86_64",
"7Client-7.6.Z:thunderbird-debuginfo-0:60.3.0-1.el7_5.aarch64",
"7Client-7.6.Z:thunderbird-debuginfo-0:60.3.0-1.el7_5.ppc64le",
"7Client-7.6.Z:thunderbird-debuginfo-0:60.3.0-1.el7_5.x86_64",
"7Server-optional-7.6.Z:thunderbird-0:60.3.0-1.el7_5.aarch64",
"7Server-optional-7.6.Z:thunderbird-0:60.3.0-1.el7_5.ppc64le",
"7Server-optional-7.6.Z:thunderbird-0:60.3.0-1.el7_5.src",
"7Server-optional-7.6.Z:thunderbird-0:60.3.0-1.el7_5.x86_64",
"7Server-optional-7.6.Z:thunderbird-debuginfo-0:60.3.0-1.el7_5.aarch64",
"7Server-optional-7.6.Z:thunderbird-debuginfo-0:60.3.0-1.el7_5.ppc64le",
"7Server-optional-7.6.Z:thunderbird-debuginfo-0:60.3.0-1.el7_5.x86_64",
"7Server-optional-Alt-7.6.Z:thunderbird-0:60.3.0-1.el7_5.aarch64",
"7Server-optional-Alt-7.6.Z:thunderbird-0:60.3.0-1.el7_5.ppc64le",
"7Server-optional-Alt-7.6.Z:thunderbird-0:60.3.0-1.el7_5.src",
"7Server-optional-Alt-7.6.Z:thunderbird-0:60.3.0-1.el7_5.x86_64",
"7Server-optional-Alt-7.6.Z:thunderbird-debuginfo-0:60.3.0-1.el7_5.aarch64",
"7Server-optional-Alt-7.6.Z:thunderbird-debuginfo-0:60.3.0-1.el7_5.ppc64le",
"7Server-optional-Alt-7.6.Z:thunderbird-debuginfo-0:60.3.0-1.el7_5.x86_64",
"7Workstation-7.6.Z:thunderbird-0:60.3.0-1.el7_5.aarch64",
"7Workstation-7.6.Z:thunderbird-0:60.3.0-1.el7_5.ppc64le",
"7Workstation-7.6.Z:thunderbird-0:60.3.0-1.el7_5.src",
"7Workstation-7.6.Z:thunderbird-0:60.3.0-1.el7_5.x86_64",
"7Workstation-7.6.Z:thunderbird-debuginfo-0:60.3.0-1.el7_5.aarch64",
"7Workstation-7.6.Z:thunderbird-debuginfo-0:60.3.0-1.el7_5.ppc64le",
"7Workstation-7.6.Z:thunderbird-debuginfo-0:60.3.0-1.el7_5.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2018:3532"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"7Client-7.6.Z:thunderbird-0:60.3.0-1.el7_5.aarch64",
"7Client-7.6.Z:thunderbird-0:60.3.0-1.el7_5.ppc64le",
"7Client-7.6.Z:thunderbird-0:60.3.0-1.el7_5.src",
"7Client-7.6.Z:thunderbird-0:60.3.0-1.el7_5.x86_64",
"7Client-7.6.Z:thunderbird-debuginfo-0:60.3.0-1.el7_5.aarch64",
"7Client-7.6.Z:thunderbird-debuginfo-0:60.3.0-1.el7_5.ppc64le",
"7Client-7.6.Z:thunderbird-debuginfo-0:60.3.0-1.el7_5.x86_64",
"7Server-optional-7.6.Z:thunderbird-0:60.3.0-1.el7_5.aarch64",
"7Server-optional-7.6.Z:thunderbird-0:60.3.0-1.el7_5.ppc64le",
"7Server-optional-7.6.Z:thunderbird-0:60.3.0-1.el7_5.src",
"7Server-optional-7.6.Z:thunderbird-0:60.3.0-1.el7_5.x86_64",
"7Server-optional-7.6.Z:thunderbird-debuginfo-0:60.3.0-1.el7_5.aarch64",
"7Server-optional-7.6.Z:thunderbird-debuginfo-0:60.3.0-1.el7_5.ppc64le",
"7Server-optional-7.6.Z:thunderbird-debuginfo-0:60.3.0-1.el7_5.x86_64",
"7Server-optional-Alt-7.6.Z:thunderbird-0:60.3.0-1.el7_5.aarch64",
"7Server-optional-Alt-7.6.Z:thunderbird-0:60.3.0-1.el7_5.ppc64le",
"7Server-optional-Alt-7.6.Z:thunderbird-0:60.3.0-1.el7_5.src",
"7Server-optional-Alt-7.6.Z:thunderbird-0:60.3.0-1.el7_5.x86_64",
"7Server-optional-Alt-7.6.Z:thunderbird-debuginfo-0:60.3.0-1.el7_5.aarch64",
"7Server-optional-Alt-7.6.Z:thunderbird-debuginfo-0:60.3.0-1.el7_5.ppc64le",
"7Server-optional-Alt-7.6.Z:thunderbird-debuginfo-0:60.3.0-1.el7_5.x86_64",
"7Workstation-7.6.Z:thunderbird-0:60.3.0-1.el7_5.aarch64",
"7Workstation-7.6.Z:thunderbird-0:60.3.0-1.el7_5.ppc64le",
"7Workstation-7.6.Z:thunderbird-0:60.3.0-1.el7_5.src",
"7Workstation-7.6.Z:thunderbird-0:60.3.0-1.el7_5.x86_64",
"7Workstation-7.6.Z:thunderbird-debuginfo-0:60.3.0-1.el7_5.aarch64",
"7Workstation-7.6.Z:thunderbird-debuginfo-0:60.3.0-1.el7_5.ppc64le",
"7Workstation-7.6.Z:thunderbird-debuginfo-0:60.3.0-1.el7_5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "Mozilla: Memory safety bugs fixed in Firefox 63 and Firefox ESR 60.3"
},
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
},
{
"names": [
"Nils"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2018-12392",
"cwe": {
"id": "CWE-364",
"name": "Signal Handler Race Condition"
},
"discovery_date": "2018-10-23T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1642182"
}
],
"notes": [
{
"category": "description",
"text": "When manipulating user events in nested loops while opening a document through script, it is possible to trigger a potentially exploitable crash due to poor event handling. This vulnerability affects Firefox \u003c 63, Firefox ESR \u003c 60.3, and Thunderbird \u003c 60.3.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: Crash with nested event loops",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Client-7.6.Z:thunderbird-0:60.3.0-1.el7_5.aarch64",
"7Client-7.6.Z:thunderbird-0:60.3.0-1.el7_5.ppc64le",
"7Client-7.6.Z:thunderbird-0:60.3.0-1.el7_5.src",
"7Client-7.6.Z:thunderbird-0:60.3.0-1.el7_5.x86_64",
"7Client-7.6.Z:thunderbird-debuginfo-0:60.3.0-1.el7_5.aarch64",
"7Client-7.6.Z:thunderbird-debuginfo-0:60.3.0-1.el7_5.ppc64le",
"7Client-7.6.Z:thunderbird-debuginfo-0:60.3.0-1.el7_5.x86_64",
"7Server-optional-7.6.Z:thunderbird-0:60.3.0-1.el7_5.aarch64",
"7Server-optional-7.6.Z:thunderbird-0:60.3.0-1.el7_5.ppc64le",
"7Server-optional-7.6.Z:thunderbird-0:60.3.0-1.el7_5.src",
"7Server-optional-7.6.Z:thunderbird-0:60.3.0-1.el7_5.x86_64",
"7Server-optional-7.6.Z:thunderbird-debuginfo-0:60.3.0-1.el7_5.aarch64",
"7Server-optional-7.6.Z:thunderbird-debuginfo-0:60.3.0-1.el7_5.ppc64le",
"7Server-optional-7.6.Z:thunderbird-debuginfo-0:60.3.0-1.el7_5.x86_64",
"7Server-optional-Alt-7.6.Z:thunderbird-0:60.3.0-1.el7_5.aarch64",
"7Server-optional-Alt-7.6.Z:thunderbird-0:60.3.0-1.el7_5.ppc64le",
"7Server-optional-Alt-7.6.Z:thunderbird-0:60.3.0-1.el7_5.src",
"7Server-optional-Alt-7.6.Z:thunderbird-0:60.3.0-1.el7_5.x86_64",
"7Server-optional-Alt-7.6.Z:thunderbird-debuginfo-0:60.3.0-1.el7_5.aarch64",
"7Server-optional-Alt-7.6.Z:thunderbird-debuginfo-0:60.3.0-1.el7_5.ppc64le",
"7Server-optional-Alt-7.6.Z:thunderbird-debuginfo-0:60.3.0-1.el7_5.x86_64",
"7Workstation-7.6.Z:thunderbird-0:60.3.0-1.el7_5.aarch64",
"7Workstation-7.6.Z:thunderbird-0:60.3.0-1.el7_5.ppc64le",
"7Workstation-7.6.Z:thunderbird-0:60.3.0-1.el7_5.src",
"7Workstation-7.6.Z:thunderbird-0:60.3.0-1.el7_5.x86_64",
"7Workstation-7.6.Z:thunderbird-debuginfo-0:60.3.0-1.el7_5.aarch64",
"7Workstation-7.6.Z:thunderbird-debuginfo-0:60.3.0-1.el7_5.ppc64le",
"7Workstation-7.6.Z:thunderbird-debuginfo-0:60.3.0-1.el7_5.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-12392"
},
{
"category": "external",
"summary": "RHBZ#1642182",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1642182"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-12392",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12392"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-12392",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-12392"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2018-27/#CVE-2018-12392",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2018-27/#CVE-2018-12392"
}
],
"release_date": "2018-10-23T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2018-11-09T11:54:17+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAll running instances of Thunderbird must be restarted for the update to take effect.",
"product_ids": [
"7Client-7.6.Z:thunderbird-0:60.3.0-1.el7_5.aarch64",
"7Client-7.6.Z:thunderbird-0:60.3.0-1.el7_5.ppc64le",
"7Client-7.6.Z:thunderbird-0:60.3.0-1.el7_5.src",
"7Client-7.6.Z:thunderbird-0:60.3.0-1.el7_5.x86_64",
"7Client-7.6.Z:thunderbird-debuginfo-0:60.3.0-1.el7_5.aarch64",
"7Client-7.6.Z:thunderbird-debuginfo-0:60.3.0-1.el7_5.ppc64le",
"7Client-7.6.Z:thunderbird-debuginfo-0:60.3.0-1.el7_5.x86_64",
"7Server-optional-7.6.Z:thunderbird-0:60.3.0-1.el7_5.aarch64",
"7Server-optional-7.6.Z:thunderbird-0:60.3.0-1.el7_5.ppc64le",
"7Server-optional-7.6.Z:thunderbird-0:60.3.0-1.el7_5.src",
"7Server-optional-7.6.Z:thunderbird-0:60.3.0-1.el7_5.x86_64",
"7Server-optional-7.6.Z:thunderbird-debuginfo-0:60.3.0-1.el7_5.aarch64",
"7Server-optional-7.6.Z:thunderbird-debuginfo-0:60.3.0-1.el7_5.ppc64le",
"7Server-optional-7.6.Z:thunderbird-debuginfo-0:60.3.0-1.el7_5.x86_64",
"7Server-optional-Alt-7.6.Z:thunderbird-0:60.3.0-1.el7_5.aarch64",
"7Server-optional-Alt-7.6.Z:thunderbird-0:60.3.0-1.el7_5.ppc64le",
"7Server-optional-Alt-7.6.Z:thunderbird-0:60.3.0-1.el7_5.src",
"7Server-optional-Alt-7.6.Z:thunderbird-0:60.3.0-1.el7_5.x86_64",
"7Server-optional-Alt-7.6.Z:thunderbird-debuginfo-0:60.3.0-1.el7_5.aarch64",
"7Server-optional-Alt-7.6.Z:thunderbird-debuginfo-0:60.3.0-1.el7_5.ppc64le",
"7Server-optional-Alt-7.6.Z:thunderbird-debuginfo-0:60.3.0-1.el7_5.x86_64",
"7Workstation-7.6.Z:thunderbird-0:60.3.0-1.el7_5.aarch64",
"7Workstation-7.6.Z:thunderbird-0:60.3.0-1.el7_5.ppc64le",
"7Workstation-7.6.Z:thunderbird-0:60.3.0-1.el7_5.src",
"7Workstation-7.6.Z:thunderbird-0:60.3.0-1.el7_5.x86_64",
"7Workstation-7.6.Z:thunderbird-debuginfo-0:60.3.0-1.el7_5.aarch64",
"7Workstation-7.6.Z:thunderbird-debuginfo-0:60.3.0-1.el7_5.ppc64le",
"7Workstation-7.6.Z:thunderbird-debuginfo-0:60.3.0-1.el7_5.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2018:3532"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"7Client-7.6.Z:thunderbird-0:60.3.0-1.el7_5.aarch64",
"7Client-7.6.Z:thunderbird-0:60.3.0-1.el7_5.ppc64le",
"7Client-7.6.Z:thunderbird-0:60.3.0-1.el7_5.src",
"7Client-7.6.Z:thunderbird-0:60.3.0-1.el7_5.x86_64",
"7Client-7.6.Z:thunderbird-debuginfo-0:60.3.0-1.el7_5.aarch64",
"7Client-7.6.Z:thunderbird-debuginfo-0:60.3.0-1.el7_5.ppc64le",
"7Client-7.6.Z:thunderbird-debuginfo-0:60.3.0-1.el7_5.x86_64",
"7Server-optional-7.6.Z:thunderbird-0:60.3.0-1.el7_5.aarch64",
"7Server-optional-7.6.Z:thunderbird-0:60.3.0-1.el7_5.ppc64le",
"7Server-optional-7.6.Z:thunderbird-0:60.3.0-1.el7_5.src",
"7Server-optional-7.6.Z:thunderbird-0:60.3.0-1.el7_5.x86_64",
"7Server-optional-7.6.Z:thunderbird-debuginfo-0:60.3.0-1.el7_5.aarch64",
"7Server-optional-7.6.Z:thunderbird-debuginfo-0:60.3.0-1.el7_5.ppc64le",
"7Server-optional-7.6.Z:thunderbird-debuginfo-0:60.3.0-1.el7_5.x86_64",
"7Server-optional-Alt-7.6.Z:thunderbird-0:60.3.0-1.el7_5.aarch64",
"7Server-optional-Alt-7.6.Z:thunderbird-0:60.3.0-1.el7_5.ppc64le",
"7Server-optional-Alt-7.6.Z:thunderbird-0:60.3.0-1.el7_5.src",
"7Server-optional-Alt-7.6.Z:thunderbird-0:60.3.0-1.el7_5.x86_64",
"7Server-optional-Alt-7.6.Z:thunderbird-debuginfo-0:60.3.0-1.el7_5.aarch64",
"7Server-optional-Alt-7.6.Z:thunderbird-debuginfo-0:60.3.0-1.el7_5.ppc64le",
"7Server-optional-Alt-7.6.Z:thunderbird-debuginfo-0:60.3.0-1.el7_5.x86_64",
"7Workstation-7.6.Z:thunderbird-0:60.3.0-1.el7_5.aarch64",
"7Workstation-7.6.Z:thunderbird-0:60.3.0-1.el7_5.ppc64le",
"7Workstation-7.6.Z:thunderbird-0:60.3.0-1.el7_5.src",
"7Workstation-7.6.Z:thunderbird-0:60.3.0-1.el7_5.x86_64",
"7Workstation-7.6.Z:thunderbird-debuginfo-0:60.3.0-1.el7_5.aarch64",
"7Workstation-7.6.Z:thunderbird-debuginfo-0:60.3.0-1.el7_5.ppc64le",
"7Workstation-7.6.Z:thunderbird-debuginfo-0:60.3.0-1.el7_5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "Mozilla: Crash with nested event loops"
},
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
},
{
"names": [
"R"
],
"organization": "Zero Day LLC",
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2018-12393",
"cwe": {
"id": "CWE-120",
"name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
},
"discovery_date": "2018-10-23T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1642183"
}
],
"notes": [
{
"category": "description",
"text": "A potential vulnerability was found in 32-bit builds where an integer overflow during the conversion of scripts to an internal UTF-16 representation could result in allocating a buffer too small for the conversion. This leads to a possible out-of-bounds write. *Note: 64-bit builds are not vulnerable to this issue.*. This vulnerability affects Firefox \u003c 63, Firefox ESR \u003c 60.3, and Thunderbird \u003c 60.3.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: Integer overflow during Unicode conversion while loading JavaScript",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Client-7.6.Z:thunderbird-0:60.3.0-1.el7_5.aarch64",
"7Client-7.6.Z:thunderbird-0:60.3.0-1.el7_5.ppc64le",
"7Client-7.6.Z:thunderbird-0:60.3.0-1.el7_5.src",
"7Client-7.6.Z:thunderbird-0:60.3.0-1.el7_5.x86_64",
"7Client-7.6.Z:thunderbird-debuginfo-0:60.3.0-1.el7_5.aarch64",
"7Client-7.6.Z:thunderbird-debuginfo-0:60.3.0-1.el7_5.ppc64le",
"7Client-7.6.Z:thunderbird-debuginfo-0:60.3.0-1.el7_5.x86_64",
"7Server-optional-7.6.Z:thunderbird-0:60.3.0-1.el7_5.aarch64",
"7Server-optional-7.6.Z:thunderbird-0:60.3.0-1.el7_5.ppc64le",
"7Server-optional-7.6.Z:thunderbird-0:60.3.0-1.el7_5.src",
"7Server-optional-7.6.Z:thunderbird-0:60.3.0-1.el7_5.x86_64",
"7Server-optional-7.6.Z:thunderbird-debuginfo-0:60.3.0-1.el7_5.aarch64",
"7Server-optional-7.6.Z:thunderbird-debuginfo-0:60.3.0-1.el7_5.ppc64le",
"7Server-optional-7.6.Z:thunderbird-debuginfo-0:60.3.0-1.el7_5.x86_64",
"7Server-optional-Alt-7.6.Z:thunderbird-0:60.3.0-1.el7_5.aarch64",
"7Server-optional-Alt-7.6.Z:thunderbird-0:60.3.0-1.el7_5.ppc64le",
"7Server-optional-Alt-7.6.Z:thunderbird-0:60.3.0-1.el7_5.src",
"7Server-optional-Alt-7.6.Z:thunderbird-0:60.3.0-1.el7_5.x86_64",
"7Server-optional-Alt-7.6.Z:thunderbird-debuginfo-0:60.3.0-1.el7_5.aarch64",
"7Server-optional-Alt-7.6.Z:thunderbird-debuginfo-0:60.3.0-1.el7_5.ppc64le",
"7Server-optional-Alt-7.6.Z:thunderbird-debuginfo-0:60.3.0-1.el7_5.x86_64",
"7Workstation-7.6.Z:thunderbird-0:60.3.0-1.el7_5.aarch64",
"7Workstation-7.6.Z:thunderbird-0:60.3.0-1.el7_5.ppc64le",
"7Workstation-7.6.Z:thunderbird-0:60.3.0-1.el7_5.src",
"7Workstation-7.6.Z:thunderbird-0:60.3.0-1.el7_5.x86_64",
"7Workstation-7.6.Z:thunderbird-debuginfo-0:60.3.0-1.el7_5.aarch64",
"7Workstation-7.6.Z:thunderbird-debuginfo-0:60.3.0-1.el7_5.ppc64le",
"7Workstation-7.6.Z:thunderbird-debuginfo-0:60.3.0-1.el7_5.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-12393"
},
{
"category": "external",
"summary": "RHBZ#1642183",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1642183"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-12393",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12393"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-12393",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-12393"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2018-27/#CVE-2018-12393",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2018-27/#CVE-2018-12393"
}
],
"release_date": "2018-10-23T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2018-11-09T11:54:17+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAll running instances of Thunderbird must be restarted for the update to take effect.",
"product_ids": [
"7Client-7.6.Z:thunderbird-0:60.3.0-1.el7_5.aarch64",
"7Client-7.6.Z:thunderbird-0:60.3.0-1.el7_5.ppc64le",
"7Client-7.6.Z:thunderbird-0:60.3.0-1.el7_5.src",
"7Client-7.6.Z:thunderbird-0:60.3.0-1.el7_5.x86_64",
"7Client-7.6.Z:thunderbird-debuginfo-0:60.3.0-1.el7_5.aarch64",
"7Client-7.6.Z:thunderbird-debuginfo-0:60.3.0-1.el7_5.ppc64le",
"7Client-7.6.Z:thunderbird-debuginfo-0:60.3.0-1.el7_5.x86_64",
"7Server-optional-7.6.Z:thunderbird-0:60.3.0-1.el7_5.aarch64",
"7Server-optional-7.6.Z:thunderbird-0:60.3.0-1.el7_5.ppc64le",
"7Server-optional-7.6.Z:thunderbird-0:60.3.0-1.el7_5.src",
"7Server-optional-7.6.Z:thunderbird-0:60.3.0-1.el7_5.x86_64",
"7Server-optional-7.6.Z:thunderbird-debuginfo-0:60.3.0-1.el7_5.aarch64",
"7Server-optional-7.6.Z:thunderbird-debuginfo-0:60.3.0-1.el7_5.ppc64le",
"7Server-optional-7.6.Z:thunderbird-debuginfo-0:60.3.0-1.el7_5.x86_64",
"7Server-optional-Alt-7.6.Z:thunderbird-0:60.3.0-1.el7_5.aarch64",
"7Server-optional-Alt-7.6.Z:thunderbird-0:60.3.0-1.el7_5.ppc64le",
"7Server-optional-Alt-7.6.Z:thunderbird-0:60.3.0-1.el7_5.src",
"7Server-optional-Alt-7.6.Z:thunderbird-0:60.3.0-1.el7_5.x86_64",
"7Server-optional-Alt-7.6.Z:thunderbird-debuginfo-0:60.3.0-1.el7_5.aarch64",
"7Server-optional-Alt-7.6.Z:thunderbird-debuginfo-0:60.3.0-1.el7_5.ppc64le",
"7Server-optional-Alt-7.6.Z:thunderbird-debuginfo-0:60.3.0-1.el7_5.x86_64",
"7Workstation-7.6.Z:thunderbird-0:60.3.0-1.el7_5.aarch64",
"7Workstation-7.6.Z:thunderbird-0:60.3.0-1.el7_5.ppc64le",
"7Workstation-7.6.Z:thunderbird-0:60.3.0-1.el7_5.src",
"7Workstation-7.6.Z:thunderbird-0:60.3.0-1.el7_5.x86_64",
"7Workstation-7.6.Z:thunderbird-debuginfo-0:60.3.0-1.el7_5.aarch64",
"7Workstation-7.6.Z:thunderbird-debuginfo-0:60.3.0-1.el7_5.ppc64le",
"7Workstation-7.6.Z:thunderbird-debuginfo-0:60.3.0-1.el7_5.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2018:3532"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"7Client-7.6.Z:thunderbird-0:60.3.0-1.el7_5.aarch64",
"7Client-7.6.Z:thunderbird-0:60.3.0-1.el7_5.ppc64le",
"7Client-7.6.Z:thunderbird-0:60.3.0-1.el7_5.src",
"7Client-7.6.Z:thunderbird-0:60.3.0-1.el7_5.x86_64",
"7Client-7.6.Z:thunderbird-debuginfo-0:60.3.0-1.el7_5.aarch64",
"7Client-7.6.Z:thunderbird-debuginfo-0:60.3.0-1.el7_5.ppc64le",
"7Client-7.6.Z:thunderbird-debuginfo-0:60.3.0-1.el7_5.x86_64",
"7Server-optional-7.6.Z:thunderbird-0:60.3.0-1.el7_5.aarch64",
"7Server-optional-7.6.Z:thunderbird-0:60.3.0-1.el7_5.ppc64le",
"7Server-optional-7.6.Z:thunderbird-0:60.3.0-1.el7_5.src",
"7Server-optional-7.6.Z:thunderbird-0:60.3.0-1.el7_5.x86_64",
"7Server-optional-7.6.Z:thunderbird-debuginfo-0:60.3.0-1.el7_5.aarch64",
"7Server-optional-7.6.Z:thunderbird-debuginfo-0:60.3.0-1.el7_5.ppc64le",
"7Server-optional-7.6.Z:thunderbird-debuginfo-0:60.3.0-1.el7_5.x86_64",
"7Server-optional-Alt-7.6.Z:thunderbird-0:60.3.0-1.el7_5.aarch64",
"7Server-optional-Alt-7.6.Z:thunderbird-0:60.3.0-1.el7_5.ppc64le",
"7Server-optional-Alt-7.6.Z:thunderbird-0:60.3.0-1.el7_5.src",
"7Server-optional-Alt-7.6.Z:thunderbird-0:60.3.0-1.el7_5.x86_64",
"7Server-optional-Alt-7.6.Z:thunderbird-debuginfo-0:60.3.0-1.el7_5.aarch64",
"7Server-optional-Alt-7.6.Z:thunderbird-debuginfo-0:60.3.0-1.el7_5.ppc64le",
"7Server-optional-Alt-7.6.Z:thunderbird-debuginfo-0:60.3.0-1.el7_5.x86_64",
"7Workstation-7.6.Z:thunderbird-0:60.3.0-1.el7_5.aarch64",
"7Workstation-7.6.Z:thunderbird-0:60.3.0-1.el7_5.ppc64le",
"7Workstation-7.6.Z:thunderbird-0:60.3.0-1.el7_5.src",
"7Workstation-7.6.Z:thunderbird-0:60.3.0-1.el7_5.x86_64",
"7Workstation-7.6.Z:thunderbird-debuginfo-0:60.3.0-1.el7_5.aarch64",
"7Workstation-7.6.Z:thunderbird-debuginfo-0:60.3.0-1.el7_5.ppc64le",
"7Workstation-7.6.Z:thunderbird-debuginfo-0:60.3.0-1.el7_5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "Mozilla: Integer overflow during Unicode conversion while loading JavaScript"
}
]
}
SUSE-SU-2018:3656-1
Vulnerability from csaf_suse - Published: 2018-11-07 15:20 - Updated: 2018-11-07 15:20Summary
Security update for MozillaFirefox
Severity
Important
Notes
Title of the patch: Security update for MozillaFirefox
Description of the patch: This update for MozillaFirefox fixes the following issues:
Security issues fixed:
- Update to Mozilla Firefox 60.3.0esr: MFSA 2018-27 (bsc#1112852)
- CVE-2018-12392: Crash with nested event loops.
- CVE-2018-12393: Integer overflow during Unicode conversion while loading JavaScript.
- CVE-2018-12395: WebExtension bypass of domain restrictions through header rewriting.
- CVE-2018-12396: WebExtension content scripts can execute in disallowed contexts.
- CVE-2018-12397: WebExtension local file access vulnerability.
- CVE-2018-12389: Memory safety bugs fixed in Firefox ESR 60.3.
- CVE-2018-12390: Memory safety bugs fixed in Firefox 63 and Firefox ESR 60.3.
Patchnames: SUSE-SLE-Module-Desktop-Applications-15-2018-2609,SUSE-SLE-Module-Development-Tools-OBS-15-2018-2609
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
8.8 (High)
Affected products
Recommended
15 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-60.3.0-3.17.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-60.3.0-3.17.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-60.3.0-3.17.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-60.3.0-3.17.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-devel-60.3.0-3.17.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-devel-60.3.0-3.17.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-devel-60.3.0-3.17.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-common-60.3.0-3.17.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-common-60.3.0-3.17.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-common-60.3.0-3.17.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-common-60.3.0-3.17.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-other-60.3.0-3.17.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-other-60.3.0-3.17.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-other-60.3.0-3.17.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-other-60.3.0-3.17.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.8 (High)
Affected products
Recommended
15 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-60.3.0-3.17.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-60.3.0-3.17.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-60.3.0-3.17.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-60.3.0-3.17.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-devel-60.3.0-3.17.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-devel-60.3.0-3.17.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-devel-60.3.0-3.17.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-common-60.3.0-3.17.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-common-60.3.0-3.17.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-common-60.3.0-3.17.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-common-60.3.0-3.17.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-other-60.3.0-3.17.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-other-60.3.0-3.17.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-other-60.3.0-3.17.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-other-60.3.0-3.17.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
15 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-60.3.0-3.17.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-60.3.0-3.17.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-60.3.0-3.17.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-60.3.0-3.17.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-devel-60.3.0-3.17.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-devel-60.3.0-3.17.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-devel-60.3.0-3.17.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-common-60.3.0-3.17.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-common-60.3.0-3.17.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-common-60.3.0-3.17.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-common-60.3.0-3.17.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-other-60.3.0-3.17.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-other-60.3.0-3.17.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-other-60.3.0-3.17.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-other-60.3.0-3.17.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
15 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-60.3.0-3.17.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-60.3.0-3.17.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-60.3.0-3.17.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-60.3.0-3.17.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-devel-60.3.0-3.17.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-devel-60.3.0-3.17.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-devel-60.3.0-3.17.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-common-60.3.0-3.17.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-common-60.3.0-3.17.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-common-60.3.0-3.17.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-common-60.3.0-3.17.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-other-60.3.0-3.17.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-other-60.3.0-3.17.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-other-60.3.0-3.17.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-other-60.3.0-3.17.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
6.1 (Medium)
Affected products
Recommended
15 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-60.3.0-3.17.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-60.3.0-3.17.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-60.3.0-3.17.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-60.3.0-3.17.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-devel-60.3.0-3.17.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-devel-60.3.0-3.17.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-devel-60.3.0-3.17.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-common-60.3.0-3.17.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-common-60.3.0-3.17.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-common-60.3.0-3.17.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-common-60.3.0-3.17.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-other-60.3.0-3.17.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-other-60.3.0-3.17.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-other-60.3.0-3.17.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-other-60.3.0-3.17.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
6.1 (Medium)
Affected products
Recommended
15 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-60.3.0-3.17.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-60.3.0-3.17.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-60.3.0-3.17.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-60.3.0-3.17.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-devel-60.3.0-3.17.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-devel-60.3.0-3.17.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-devel-60.3.0-3.17.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-common-60.3.0-3.17.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-common-60.3.0-3.17.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-common-60.3.0-3.17.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-common-60.3.0-3.17.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-other-60.3.0-3.17.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-other-60.3.0-3.17.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-other-60.3.0-3.17.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-other-60.3.0-3.17.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
6.1 (Medium)
Affected products
Recommended
15 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-60.3.0-3.17.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-60.3.0-3.17.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-60.3.0-3.17.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-60.3.0-3.17.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-devel-60.3.0-3.17.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-devel-60.3.0-3.17.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-devel-60.3.0-3.17.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-common-60.3.0-3.17.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-common-60.3.0-3.17.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-common-60.3.0-3.17.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-common-60.3.0-3.17.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-other-60.3.0-3.17.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-other-60.3.0-3.17.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-other-60.3.0-3.17.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-other-60.3.0-3.17.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
26 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for MozillaFirefox",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for MozillaFirefox fixes the following issues:\n\nSecurity issues fixed:\n\n- Update to Mozilla Firefox 60.3.0esr: MFSA 2018-27 (bsc#1112852)\n- CVE-2018-12392: Crash with nested event loops.\n- CVE-2018-12393: Integer overflow during Unicode conversion while loading JavaScript.\n- CVE-2018-12395: WebExtension bypass of domain restrictions through header rewriting.\n- CVE-2018-12396: WebExtension content scripts can execute in disallowed contexts.\n- CVE-2018-12397: WebExtension local file access vulnerability.\n- CVE-2018-12389: Memory safety bugs fixed in Firefox ESR 60.3.\n- CVE-2018-12390: Memory safety bugs fixed in Firefox 63 and Firefox ESR 60.3.\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-SLE-Module-Desktop-Applications-15-2018-2609,SUSE-SLE-Module-Development-Tools-OBS-15-2018-2609",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2018_3656-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2018:3656-1",
"url": "https://www.suse.com/support/update/announcement/2018/suse-su-20183656-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2018:3656-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2018-November/004835.html"
},
{
"category": "self",
"summary": "SUSE Bug 1112852",
"url": "https://bugzilla.suse.com/1112852"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-12389 page",
"url": "https://www.suse.com/security/cve/CVE-2018-12389/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-12390 page",
"url": "https://www.suse.com/security/cve/CVE-2018-12390/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-12392 page",
"url": "https://www.suse.com/security/cve/CVE-2018-12392/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-12393 page",
"url": "https://www.suse.com/security/cve/CVE-2018-12393/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-12395 page",
"url": "https://www.suse.com/security/cve/CVE-2018-12395/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-12396 page",
"url": "https://www.suse.com/security/cve/CVE-2018-12396/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-12397 page",
"url": "https://www.suse.com/security/cve/CVE-2018-12397/"
}
],
"title": "Security update for MozillaFirefox",
"tracking": {
"current_release_date": "2018-11-07T15:20:16Z",
"generator": {
"date": "2018-11-07T15:20:16Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2018:3656-1",
"initial_release_date": "2018-11-07T15:20:16Z",
"revision_history": [
{
"date": "2018-11-07T15:20:16Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "MozillaFirefox-60.3.0-3.17.1.aarch64",
"product": {
"name": "MozillaFirefox-60.3.0-3.17.1.aarch64",
"product_id": "MozillaFirefox-60.3.0-3.17.1.aarch64"
}
},
{
"category": "product_version",
"name": "MozillaFirefox-devel-60.3.0-3.17.1.aarch64",
"product": {
"name": "MozillaFirefox-devel-60.3.0-3.17.1.aarch64",
"product_id": "MozillaFirefox-devel-60.3.0-3.17.1.aarch64"
}
},
{
"category": "product_version",
"name": "MozillaFirefox-translations-common-60.3.0-3.17.1.aarch64",
"product": {
"name": "MozillaFirefox-translations-common-60.3.0-3.17.1.aarch64",
"product_id": "MozillaFirefox-translations-common-60.3.0-3.17.1.aarch64"
}
},
{
"category": "product_version",
"name": "MozillaFirefox-translations-other-60.3.0-3.17.1.aarch64",
"product": {
"name": "MozillaFirefox-translations-other-60.3.0-3.17.1.aarch64",
"product_id": "MozillaFirefox-translations-other-60.3.0-3.17.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "MozillaFirefox-60.3.0-3.17.1.ppc64le",
"product": {
"name": "MozillaFirefox-60.3.0-3.17.1.ppc64le",
"product_id": "MozillaFirefox-60.3.0-3.17.1.ppc64le"
}
},
{
"category": "product_version",
"name": "MozillaFirefox-devel-60.3.0-3.17.1.ppc64le",
"product": {
"name": "MozillaFirefox-devel-60.3.0-3.17.1.ppc64le",
"product_id": "MozillaFirefox-devel-60.3.0-3.17.1.ppc64le"
}
},
{
"category": "product_version",
"name": "MozillaFirefox-translations-common-60.3.0-3.17.1.ppc64le",
"product": {
"name": "MozillaFirefox-translations-common-60.3.0-3.17.1.ppc64le",
"product_id": "MozillaFirefox-translations-common-60.3.0-3.17.1.ppc64le"
}
},
{
"category": "product_version",
"name": "MozillaFirefox-translations-other-60.3.0-3.17.1.ppc64le",
"product": {
"name": "MozillaFirefox-translations-other-60.3.0-3.17.1.ppc64le",
"product_id": "MozillaFirefox-translations-other-60.3.0-3.17.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "MozillaFirefox-60.3.0-3.17.1.s390x",
"product": {
"name": "MozillaFirefox-60.3.0-3.17.1.s390x",
"product_id": "MozillaFirefox-60.3.0-3.17.1.s390x"
}
},
{
"category": "product_version",
"name": "MozillaFirefox-translations-common-60.3.0-3.17.1.s390x",
"product": {
"name": "MozillaFirefox-translations-common-60.3.0-3.17.1.s390x",
"product_id": "MozillaFirefox-translations-common-60.3.0-3.17.1.s390x"
}
},
{
"category": "product_version",
"name": "MozillaFirefox-translations-other-60.3.0-3.17.1.s390x",
"product": {
"name": "MozillaFirefox-translations-other-60.3.0-3.17.1.s390x",
"product_id": "MozillaFirefox-translations-other-60.3.0-3.17.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "MozillaFirefox-60.3.0-3.17.1.x86_64",
"product": {
"name": "MozillaFirefox-60.3.0-3.17.1.x86_64",
"product_id": "MozillaFirefox-60.3.0-3.17.1.x86_64"
}
},
{
"category": "product_version",
"name": "MozillaFirefox-devel-60.3.0-3.17.1.x86_64",
"product": {
"name": "MozillaFirefox-devel-60.3.0-3.17.1.x86_64",
"product_id": "MozillaFirefox-devel-60.3.0-3.17.1.x86_64"
}
},
{
"category": "product_version",
"name": "MozillaFirefox-translations-common-60.3.0-3.17.1.x86_64",
"product": {
"name": "MozillaFirefox-translations-common-60.3.0-3.17.1.x86_64",
"product_id": "MozillaFirefox-translations-common-60.3.0-3.17.1.x86_64"
}
},
{
"category": "product_version",
"name": "MozillaFirefox-translations-other-60.3.0-3.17.1.x86_64",
"product": {
"name": "MozillaFirefox-translations-other-60.3.0-3.17.1.x86_64",
"product_id": "MozillaFirefox-translations-other-60.3.0-3.17.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Desktop Applications 15",
"product": {
"name": "SUSE Linux Enterprise Module for Desktop Applications 15",
"product_id": "SUSE Linux Enterprise Module for Desktop Applications 15",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-desktop-applications:15"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-60.3.0-3.17.1.aarch64 as component of SUSE Linux Enterprise Module for Desktop Applications 15",
"product_id": "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-60.3.0-3.17.1.aarch64"
},
"product_reference": "MozillaFirefox-60.3.0-3.17.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Desktop Applications 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-60.3.0-3.17.1.ppc64le as component of SUSE Linux Enterprise Module for Desktop Applications 15",
"product_id": "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-60.3.0-3.17.1.ppc64le"
},
"product_reference": "MozillaFirefox-60.3.0-3.17.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Desktop Applications 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-60.3.0-3.17.1.s390x as component of SUSE Linux Enterprise Module for Desktop Applications 15",
"product_id": "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-60.3.0-3.17.1.s390x"
},
"product_reference": "MozillaFirefox-60.3.0-3.17.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Desktop Applications 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-60.3.0-3.17.1.x86_64 as component of SUSE Linux Enterprise Module for Desktop Applications 15",
"product_id": "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-60.3.0-3.17.1.x86_64"
},
"product_reference": "MozillaFirefox-60.3.0-3.17.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Desktop Applications 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-devel-60.3.0-3.17.1.aarch64 as component of SUSE Linux Enterprise Module for Desktop Applications 15",
"product_id": "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-devel-60.3.0-3.17.1.aarch64"
},
"product_reference": "MozillaFirefox-devel-60.3.0-3.17.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Desktop Applications 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-devel-60.3.0-3.17.1.ppc64le as component of SUSE Linux Enterprise Module for Desktop Applications 15",
"product_id": "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-devel-60.3.0-3.17.1.ppc64le"
},
"product_reference": "MozillaFirefox-devel-60.3.0-3.17.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Desktop Applications 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-devel-60.3.0-3.17.1.x86_64 as component of SUSE Linux Enterprise Module for Desktop Applications 15",
"product_id": "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-devel-60.3.0-3.17.1.x86_64"
},
"product_reference": "MozillaFirefox-devel-60.3.0-3.17.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Desktop Applications 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-translations-common-60.3.0-3.17.1.aarch64 as component of SUSE Linux Enterprise Module for Desktop Applications 15",
"product_id": "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-common-60.3.0-3.17.1.aarch64"
},
"product_reference": "MozillaFirefox-translations-common-60.3.0-3.17.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Desktop Applications 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-translations-common-60.3.0-3.17.1.ppc64le as component of SUSE Linux Enterprise Module for Desktop Applications 15",
"product_id": "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-common-60.3.0-3.17.1.ppc64le"
},
"product_reference": "MozillaFirefox-translations-common-60.3.0-3.17.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Desktop Applications 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-translations-common-60.3.0-3.17.1.s390x as component of SUSE Linux Enterprise Module for Desktop Applications 15",
"product_id": "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-common-60.3.0-3.17.1.s390x"
},
"product_reference": "MozillaFirefox-translations-common-60.3.0-3.17.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Desktop Applications 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-translations-common-60.3.0-3.17.1.x86_64 as component of SUSE Linux Enterprise Module for Desktop Applications 15",
"product_id": "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-common-60.3.0-3.17.1.x86_64"
},
"product_reference": "MozillaFirefox-translations-common-60.3.0-3.17.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Desktop Applications 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-translations-other-60.3.0-3.17.1.aarch64 as component of SUSE Linux Enterprise Module for Desktop Applications 15",
"product_id": "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-other-60.3.0-3.17.1.aarch64"
},
"product_reference": "MozillaFirefox-translations-other-60.3.0-3.17.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Desktop Applications 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-translations-other-60.3.0-3.17.1.ppc64le as component of SUSE Linux Enterprise Module for Desktop Applications 15",
"product_id": "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-other-60.3.0-3.17.1.ppc64le"
},
"product_reference": "MozillaFirefox-translations-other-60.3.0-3.17.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Desktop Applications 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-translations-other-60.3.0-3.17.1.s390x as component of SUSE Linux Enterprise Module for Desktop Applications 15",
"product_id": "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-other-60.3.0-3.17.1.s390x"
},
"product_reference": "MozillaFirefox-translations-other-60.3.0-3.17.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Desktop Applications 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-translations-other-60.3.0-3.17.1.x86_64 as component of SUSE Linux Enterprise Module for Desktop Applications 15",
"product_id": "SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-other-60.3.0-3.17.1.x86_64"
},
"product_reference": "MozillaFirefox-translations-other-60.3.0-3.17.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Desktop Applications 15"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2018-12389",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-12389"
}
],
"notes": [
{
"category": "general",
"text": "Mozilla developers and community members reported memory safety bugs present in Firefox ESR 60.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox ESR \u003c 60.3 and Thunderbird \u003c 60.3.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-60.3.0-3.17.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-60.3.0-3.17.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-60.3.0-3.17.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-60.3.0-3.17.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-devel-60.3.0-3.17.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-devel-60.3.0-3.17.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-devel-60.3.0-3.17.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-common-60.3.0-3.17.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-common-60.3.0-3.17.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-common-60.3.0-3.17.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-common-60.3.0-3.17.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-other-60.3.0-3.17.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-other-60.3.0-3.17.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-other-60.3.0-3.17.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-other-60.3.0-3.17.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-12389",
"url": "https://www.suse.com/security/cve/CVE-2018-12389"
},
{
"category": "external",
"summary": "SUSE Bug 1112852 for CVE-2018-12389",
"url": "https://bugzilla.suse.com/1112852"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-60.3.0-3.17.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-60.3.0-3.17.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-60.3.0-3.17.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-60.3.0-3.17.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-devel-60.3.0-3.17.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-devel-60.3.0-3.17.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-devel-60.3.0-3.17.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-common-60.3.0-3.17.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-common-60.3.0-3.17.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-common-60.3.0-3.17.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-common-60.3.0-3.17.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-other-60.3.0-3.17.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-other-60.3.0-3.17.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-other-60.3.0-3.17.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-other-60.3.0-3.17.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-60.3.0-3.17.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-60.3.0-3.17.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-60.3.0-3.17.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-60.3.0-3.17.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-devel-60.3.0-3.17.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-devel-60.3.0-3.17.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-devel-60.3.0-3.17.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-common-60.3.0-3.17.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-common-60.3.0-3.17.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-common-60.3.0-3.17.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-common-60.3.0-3.17.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-other-60.3.0-3.17.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-other-60.3.0-3.17.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-other-60.3.0-3.17.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-other-60.3.0-3.17.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-11-07T15:20:16Z",
"details": "important"
}
],
"title": "CVE-2018-12389"
},
{
"cve": "CVE-2018-12390",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-12390"
}
],
"notes": [
{
"category": "general",
"text": "Mozilla developers and community members reported memory safety bugs present in Firefox 62 and Firefox ESR 60.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox \u003c 63, Firefox ESR \u003c 60.3, and Thunderbird \u003c 60.3.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-60.3.0-3.17.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-60.3.0-3.17.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-60.3.0-3.17.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-60.3.0-3.17.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-devel-60.3.0-3.17.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-devel-60.3.0-3.17.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-devel-60.3.0-3.17.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-common-60.3.0-3.17.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-common-60.3.0-3.17.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-common-60.3.0-3.17.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-common-60.3.0-3.17.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-other-60.3.0-3.17.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-other-60.3.0-3.17.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-other-60.3.0-3.17.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-other-60.3.0-3.17.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-12390",
"url": "https://www.suse.com/security/cve/CVE-2018-12390"
},
{
"category": "external",
"summary": "SUSE Bug 1112852 for CVE-2018-12390",
"url": "https://bugzilla.suse.com/1112852"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-60.3.0-3.17.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-60.3.0-3.17.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-60.3.0-3.17.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-60.3.0-3.17.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-devel-60.3.0-3.17.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-devel-60.3.0-3.17.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-devel-60.3.0-3.17.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-common-60.3.0-3.17.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-common-60.3.0-3.17.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-common-60.3.0-3.17.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-common-60.3.0-3.17.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-other-60.3.0-3.17.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-other-60.3.0-3.17.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-other-60.3.0-3.17.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-other-60.3.0-3.17.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-60.3.0-3.17.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-60.3.0-3.17.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-60.3.0-3.17.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-60.3.0-3.17.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-devel-60.3.0-3.17.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-devel-60.3.0-3.17.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-devel-60.3.0-3.17.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-common-60.3.0-3.17.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-common-60.3.0-3.17.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-common-60.3.0-3.17.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-common-60.3.0-3.17.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-other-60.3.0-3.17.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-other-60.3.0-3.17.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-other-60.3.0-3.17.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-other-60.3.0-3.17.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-11-07T15:20:16Z",
"details": "important"
}
],
"title": "CVE-2018-12390"
},
{
"cve": "CVE-2018-12392",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-12392"
}
],
"notes": [
{
"category": "general",
"text": "When manipulating user events in nested loops while opening a document through script, it is possible to trigger a potentially exploitable crash due to poor event handling. This vulnerability affects Firefox \u003c 63, Firefox ESR \u003c 60.3, and Thunderbird \u003c 60.3.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-60.3.0-3.17.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-60.3.0-3.17.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-60.3.0-3.17.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-60.3.0-3.17.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-devel-60.3.0-3.17.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-devel-60.3.0-3.17.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-devel-60.3.0-3.17.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-common-60.3.0-3.17.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-common-60.3.0-3.17.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-common-60.3.0-3.17.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-common-60.3.0-3.17.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-other-60.3.0-3.17.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-other-60.3.0-3.17.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-other-60.3.0-3.17.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-other-60.3.0-3.17.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-12392",
"url": "https://www.suse.com/security/cve/CVE-2018-12392"
},
{
"category": "external",
"summary": "SUSE Bug 1112852 for CVE-2018-12392",
"url": "https://bugzilla.suse.com/1112852"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-60.3.0-3.17.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-60.3.0-3.17.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-60.3.0-3.17.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-60.3.0-3.17.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-devel-60.3.0-3.17.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-devel-60.3.0-3.17.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-devel-60.3.0-3.17.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-common-60.3.0-3.17.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-common-60.3.0-3.17.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-common-60.3.0-3.17.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-common-60.3.0-3.17.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-other-60.3.0-3.17.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-other-60.3.0-3.17.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-other-60.3.0-3.17.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-other-60.3.0-3.17.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-60.3.0-3.17.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-60.3.0-3.17.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-60.3.0-3.17.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-60.3.0-3.17.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-devel-60.3.0-3.17.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-devel-60.3.0-3.17.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-devel-60.3.0-3.17.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-common-60.3.0-3.17.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-common-60.3.0-3.17.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-common-60.3.0-3.17.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-common-60.3.0-3.17.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-other-60.3.0-3.17.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-other-60.3.0-3.17.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-other-60.3.0-3.17.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-other-60.3.0-3.17.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-11-07T15:20:16Z",
"details": "important"
}
],
"title": "CVE-2018-12392"
},
{
"cve": "CVE-2018-12393",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-12393"
}
],
"notes": [
{
"category": "general",
"text": "A potential vulnerability was found in 32-bit builds where an integer overflow during the conversion of scripts to an internal UTF-16 representation could result in allocating a buffer too small for the conversion. This leads to a possible out-of-bounds write. *Note: 64-bit builds are not vulnerable to this issue.*. This vulnerability affects Firefox \u003c 63, Firefox ESR \u003c 60.3, and Thunderbird \u003c 60.3.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-60.3.0-3.17.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-60.3.0-3.17.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-60.3.0-3.17.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-60.3.0-3.17.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-devel-60.3.0-3.17.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-devel-60.3.0-3.17.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-devel-60.3.0-3.17.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-common-60.3.0-3.17.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-common-60.3.0-3.17.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-common-60.3.0-3.17.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-common-60.3.0-3.17.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-other-60.3.0-3.17.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-other-60.3.0-3.17.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-other-60.3.0-3.17.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-other-60.3.0-3.17.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-12393",
"url": "https://www.suse.com/security/cve/CVE-2018-12393"
},
{
"category": "external",
"summary": "SUSE Bug 1112852 for CVE-2018-12393",
"url": "https://bugzilla.suse.com/1112852"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-60.3.0-3.17.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-60.3.0-3.17.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-60.3.0-3.17.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-60.3.0-3.17.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-devel-60.3.0-3.17.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-devel-60.3.0-3.17.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-devel-60.3.0-3.17.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-common-60.3.0-3.17.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-common-60.3.0-3.17.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-common-60.3.0-3.17.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-common-60.3.0-3.17.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-other-60.3.0-3.17.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-other-60.3.0-3.17.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-other-60.3.0-3.17.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-other-60.3.0-3.17.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-60.3.0-3.17.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-60.3.0-3.17.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-60.3.0-3.17.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-60.3.0-3.17.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-devel-60.3.0-3.17.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-devel-60.3.0-3.17.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-devel-60.3.0-3.17.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-common-60.3.0-3.17.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-common-60.3.0-3.17.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-common-60.3.0-3.17.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-common-60.3.0-3.17.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-other-60.3.0-3.17.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-other-60.3.0-3.17.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-other-60.3.0-3.17.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-other-60.3.0-3.17.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-11-07T15:20:16Z",
"details": "important"
}
],
"title": "CVE-2018-12393"
},
{
"cve": "CVE-2018-12395",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-12395"
}
],
"notes": [
{
"category": "general",
"text": "By rewriting the Host: request headers using the webRequest API, a WebExtension can bypass domain restrictions through domain fronting. This would allow access to domains that share a host that are otherwise restricted. This vulnerability affects Firefox ESR \u003c 60.3 and Firefox \u003c 63.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-60.3.0-3.17.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-60.3.0-3.17.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-60.3.0-3.17.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-60.3.0-3.17.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-devel-60.3.0-3.17.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-devel-60.3.0-3.17.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-devel-60.3.0-3.17.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-common-60.3.0-3.17.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-common-60.3.0-3.17.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-common-60.3.0-3.17.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-common-60.3.0-3.17.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-other-60.3.0-3.17.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-other-60.3.0-3.17.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-other-60.3.0-3.17.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-other-60.3.0-3.17.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-12395",
"url": "https://www.suse.com/security/cve/CVE-2018-12395"
},
{
"category": "external",
"summary": "SUSE Bug 1112852 for CVE-2018-12395",
"url": "https://bugzilla.suse.com/1112852"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-60.3.0-3.17.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-60.3.0-3.17.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-60.3.0-3.17.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-60.3.0-3.17.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-devel-60.3.0-3.17.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-devel-60.3.0-3.17.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-devel-60.3.0-3.17.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-common-60.3.0-3.17.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-common-60.3.0-3.17.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-common-60.3.0-3.17.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-common-60.3.0-3.17.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-other-60.3.0-3.17.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-other-60.3.0-3.17.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-other-60.3.0-3.17.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-other-60.3.0-3.17.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-60.3.0-3.17.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-60.3.0-3.17.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-60.3.0-3.17.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-60.3.0-3.17.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-devel-60.3.0-3.17.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-devel-60.3.0-3.17.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-devel-60.3.0-3.17.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-common-60.3.0-3.17.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-common-60.3.0-3.17.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-common-60.3.0-3.17.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-common-60.3.0-3.17.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-other-60.3.0-3.17.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-other-60.3.0-3.17.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-other-60.3.0-3.17.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-other-60.3.0-3.17.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-11-07T15:20:16Z",
"details": "important"
}
],
"title": "CVE-2018-12395"
},
{
"cve": "CVE-2018-12396",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-12396"
}
],
"notes": [
{
"category": "general",
"text": "A vulnerability where a WebExtension can run content scripts in disallowed contexts following navigation or other events. This allows for potential privilege escalation by the WebExtension on sites where content scripts should not be run. This vulnerability affects Firefox ESR \u003c 60.3 and Firefox \u003c 63.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-60.3.0-3.17.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-60.3.0-3.17.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-60.3.0-3.17.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-60.3.0-3.17.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-devel-60.3.0-3.17.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-devel-60.3.0-3.17.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-devel-60.3.0-3.17.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-common-60.3.0-3.17.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-common-60.3.0-3.17.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-common-60.3.0-3.17.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-common-60.3.0-3.17.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-other-60.3.0-3.17.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-other-60.3.0-3.17.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-other-60.3.0-3.17.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-other-60.3.0-3.17.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-12396",
"url": "https://www.suse.com/security/cve/CVE-2018-12396"
},
{
"category": "external",
"summary": "SUSE Bug 1112852 for CVE-2018-12396",
"url": "https://bugzilla.suse.com/1112852"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-60.3.0-3.17.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-60.3.0-3.17.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-60.3.0-3.17.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-60.3.0-3.17.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-devel-60.3.0-3.17.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-devel-60.3.0-3.17.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-devel-60.3.0-3.17.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-common-60.3.0-3.17.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-common-60.3.0-3.17.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-common-60.3.0-3.17.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-common-60.3.0-3.17.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-other-60.3.0-3.17.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-other-60.3.0-3.17.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-other-60.3.0-3.17.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-other-60.3.0-3.17.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-60.3.0-3.17.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-60.3.0-3.17.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-60.3.0-3.17.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-60.3.0-3.17.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-devel-60.3.0-3.17.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-devel-60.3.0-3.17.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-devel-60.3.0-3.17.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-common-60.3.0-3.17.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-common-60.3.0-3.17.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-common-60.3.0-3.17.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-common-60.3.0-3.17.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-other-60.3.0-3.17.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-other-60.3.0-3.17.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-other-60.3.0-3.17.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-other-60.3.0-3.17.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-11-07T15:20:16Z",
"details": "important"
}
],
"title": "CVE-2018-12396"
},
{
"cve": "CVE-2018-12397",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-12397"
}
],
"notes": [
{
"category": "general",
"text": "A WebExtension can request access to local files without the warning prompt stating that the extension will \"Access your data for all websites\" being displayed to the user. This allows extensions to run content scripts in local pages without permission warnings when a local file is opened. This vulnerability affects Firefox ESR \u003c 60.3 and Firefox \u003c 63.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-60.3.0-3.17.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-60.3.0-3.17.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-60.3.0-3.17.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-60.3.0-3.17.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-devel-60.3.0-3.17.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-devel-60.3.0-3.17.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-devel-60.3.0-3.17.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-common-60.3.0-3.17.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-common-60.3.0-3.17.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-common-60.3.0-3.17.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-common-60.3.0-3.17.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-other-60.3.0-3.17.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-other-60.3.0-3.17.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-other-60.3.0-3.17.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-other-60.3.0-3.17.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-12397",
"url": "https://www.suse.com/security/cve/CVE-2018-12397"
},
{
"category": "external",
"summary": "SUSE Bug 1112852 for CVE-2018-12397",
"url": "https://bugzilla.suse.com/1112852"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-60.3.0-3.17.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-60.3.0-3.17.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-60.3.0-3.17.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-60.3.0-3.17.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-devel-60.3.0-3.17.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-devel-60.3.0-3.17.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-devel-60.3.0-3.17.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-common-60.3.0-3.17.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-common-60.3.0-3.17.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-common-60.3.0-3.17.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-common-60.3.0-3.17.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-other-60.3.0-3.17.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-other-60.3.0-3.17.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-other-60.3.0-3.17.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-other-60.3.0-3.17.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-60.3.0-3.17.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-60.3.0-3.17.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-60.3.0-3.17.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-60.3.0-3.17.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-devel-60.3.0-3.17.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-devel-60.3.0-3.17.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-devel-60.3.0-3.17.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-common-60.3.0-3.17.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-common-60.3.0-3.17.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-common-60.3.0-3.17.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-common-60.3.0-3.17.1.x86_64",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-other-60.3.0-3.17.1.aarch64",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-other-60.3.0-3.17.1.ppc64le",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-other-60.3.0-3.17.1.s390x",
"SUSE Linux Enterprise Module for Desktop Applications 15:MozillaFirefox-translations-other-60.3.0-3.17.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-11-07T15:20:16Z",
"details": "important"
}
],
"title": "CVE-2018-12397"
}
]
}
SUSE-SU-2018:3749-1
Vulnerability from csaf_suse - Published: 2018-11-13 07:38 - Updated: 2018-11-13 07:38Summary
Security update for MozillaFirefox
Severity
Important
Notes
Title of the patch: Security update for MozillaFirefox
Description of the patch: This update for MozillaFirefox fixes the following issues:
Security issues fixed:
- Update to Mozilla Firefox 60.3.0esr: MFSA 2018-27 (bsc#1112852)
- CVE-2018-12392: Crash with nested event loops.
- CVE-2018-12393: Integer overflow during Unicode conversion while loading JavaScript.
- CVE-2018-12395: WebExtension bypass of domain restrictions through header rewriting.
- CVE-2018-12396: WebExtension content scripts can execute in disallowed contexts.
- CVE-2018-12397: WebExtension local file access vulnerability.
- CVE-2018-12389: Memory safety bugs fixed in Firefox ESR 60.3.
- CVE-2018-12390: Memory safety bugs fixed in Firefox 63 and Firefox ESR 60.3.
Patchnames: SUSE-OpenStack-Cloud-7-2018-2648,SUSE-SLE-DESKTOP-12-SP3-2018-2648,SUSE-SLE-SAP-12-SP2-2018-2648,SUSE-SLE-SDK-12-SP3-2018-2648,SUSE-SLE-SERVER-12-2018-2648,SUSE-SLE-SERVER-12-SP1-2018-2648,SUSE-SLE-SERVER-12-SP2-2018-2648,SUSE-SLE-SERVER-12-SP2-BCL-2018-2648,SUSE-SLE-SERVER-12-SP3-2018-2648,SUSE-Storage-4-2018-2648
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
8.8 (High)
Affected products
Recommended
67 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Enterprise Storage 4:MozillaFirefox-60.3.0-109.50.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 4:MozillaFirefox-devel-60.3.0-109.50.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 4:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Desktop 12 SP3:MozillaFirefox-60.3.0-109.50.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Desktop 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-60.3.0-109.50.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-60.3.0-109.50.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-60.3.0-109.50.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-BCL:MozillaFirefox-60.3.0-109.50.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-BCL:MozillaFirefox-devel-60.3.0-109.50.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-BCL:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-60.3.0-109.50.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-60.3.0-109.50.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-60.3.0-109.50.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-60.3.0-109.50.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-60.3.0-109.50.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-60.3.0-109.50.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-60.3.0-109.50.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-60.3.0-109.50.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-60.3.0-109.50.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-60.3.0-109.50.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-60.3.0-109.50.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-60.3.0-109.50.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-devel-60.3.0-109.50.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-devel-60.3.0-109.50.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-60.3.0-109.50.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-60.3.0-109.50.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-60.3.0-109.50.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-60.3.0-109.50.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP3:MozillaFirefox-devel-60.3.0-109.50.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP3:MozillaFirefox-devel-60.3.0-109.50.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP3:MozillaFirefox-devel-60.3.0-109.50.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP3:MozillaFirefox-devel-60.3.0-109.50.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:MozillaFirefox-60.3.0-109.50.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:MozillaFirefox-60.3.0-109.50.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:MozillaFirefox-devel-60.3.0-109.50.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:MozillaFirefox-devel-60.3.0-109.50.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.8 (High)
Affected products
Recommended
67 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Enterprise Storage 4:MozillaFirefox-60.3.0-109.50.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 4:MozillaFirefox-devel-60.3.0-109.50.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 4:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Desktop 12 SP3:MozillaFirefox-60.3.0-109.50.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Desktop 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-60.3.0-109.50.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-60.3.0-109.50.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-60.3.0-109.50.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-BCL:MozillaFirefox-60.3.0-109.50.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-BCL:MozillaFirefox-devel-60.3.0-109.50.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-BCL:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-60.3.0-109.50.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-60.3.0-109.50.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-60.3.0-109.50.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-60.3.0-109.50.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-60.3.0-109.50.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-60.3.0-109.50.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-60.3.0-109.50.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-60.3.0-109.50.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-60.3.0-109.50.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-60.3.0-109.50.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-60.3.0-109.50.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-60.3.0-109.50.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-devel-60.3.0-109.50.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-devel-60.3.0-109.50.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-60.3.0-109.50.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-60.3.0-109.50.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-60.3.0-109.50.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-60.3.0-109.50.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP3:MozillaFirefox-devel-60.3.0-109.50.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP3:MozillaFirefox-devel-60.3.0-109.50.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP3:MozillaFirefox-devel-60.3.0-109.50.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP3:MozillaFirefox-devel-60.3.0-109.50.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:MozillaFirefox-60.3.0-109.50.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:MozillaFirefox-60.3.0-109.50.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:MozillaFirefox-devel-60.3.0-109.50.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:MozillaFirefox-devel-60.3.0-109.50.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
67 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Enterprise Storage 4:MozillaFirefox-60.3.0-109.50.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 4:MozillaFirefox-devel-60.3.0-109.50.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 4:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Desktop 12 SP3:MozillaFirefox-60.3.0-109.50.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Desktop 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-60.3.0-109.50.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-60.3.0-109.50.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-60.3.0-109.50.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-BCL:MozillaFirefox-60.3.0-109.50.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-BCL:MozillaFirefox-devel-60.3.0-109.50.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-BCL:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-60.3.0-109.50.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-60.3.0-109.50.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-60.3.0-109.50.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-60.3.0-109.50.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-60.3.0-109.50.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-60.3.0-109.50.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-60.3.0-109.50.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-60.3.0-109.50.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-60.3.0-109.50.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-60.3.0-109.50.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-60.3.0-109.50.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-60.3.0-109.50.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-devel-60.3.0-109.50.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-devel-60.3.0-109.50.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-60.3.0-109.50.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-60.3.0-109.50.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-60.3.0-109.50.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-60.3.0-109.50.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP3:MozillaFirefox-devel-60.3.0-109.50.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP3:MozillaFirefox-devel-60.3.0-109.50.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP3:MozillaFirefox-devel-60.3.0-109.50.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP3:MozillaFirefox-devel-60.3.0-109.50.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:MozillaFirefox-60.3.0-109.50.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:MozillaFirefox-60.3.0-109.50.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:MozillaFirefox-devel-60.3.0-109.50.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:MozillaFirefox-devel-60.3.0-109.50.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
67 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Enterprise Storage 4:MozillaFirefox-60.3.0-109.50.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 4:MozillaFirefox-devel-60.3.0-109.50.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 4:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Desktop 12 SP3:MozillaFirefox-60.3.0-109.50.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Desktop 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-60.3.0-109.50.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-60.3.0-109.50.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-60.3.0-109.50.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-BCL:MozillaFirefox-60.3.0-109.50.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-BCL:MozillaFirefox-devel-60.3.0-109.50.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-BCL:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-60.3.0-109.50.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-60.3.0-109.50.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-60.3.0-109.50.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-60.3.0-109.50.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-60.3.0-109.50.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-60.3.0-109.50.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-60.3.0-109.50.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-60.3.0-109.50.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-60.3.0-109.50.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-60.3.0-109.50.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-60.3.0-109.50.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-60.3.0-109.50.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-devel-60.3.0-109.50.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-devel-60.3.0-109.50.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-60.3.0-109.50.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-60.3.0-109.50.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-60.3.0-109.50.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-60.3.0-109.50.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP3:MozillaFirefox-devel-60.3.0-109.50.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP3:MozillaFirefox-devel-60.3.0-109.50.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP3:MozillaFirefox-devel-60.3.0-109.50.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP3:MozillaFirefox-devel-60.3.0-109.50.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:MozillaFirefox-60.3.0-109.50.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:MozillaFirefox-60.3.0-109.50.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:MozillaFirefox-devel-60.3.0-109.50.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:MozillaFirefox-devel-60.3.0-109.50.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
6.1 (Medium)
Affected products
Recommended
67 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Enterprise Storage 4:MozillaFirefox-60.3.0-109.50.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 4:MozillaFirefox-devel-60.3.0-109.50.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 4:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Desktop 12 SP3:MozillaFirefox-60.3.0-109.50.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Desktop 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-60.3.0-109.50.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-60.3.0-109.50.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-60.3.0-109.50.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-BCL:MozillaFirefox-60.3.0-109.50.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-BCL:MozillaFirefox-devel-60.3.0-109.50.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-BCL:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-60.3.0-109.50.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-60.3.0-109.50.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-60.3.0-109.50.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-60.3.0-109.50.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-60.3.0-109.50.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-60.3.0-109.50.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-60.3.0-109.50.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-60.3.0-109.50.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-60.3.0-109.50.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-60.3.0-109.50.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-60.3.0-109.50.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-60.3.0-109.50.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-devel-60.3.0-109.50.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-devel-60.3.0-109.50.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-60.3.0-109.50.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-60.3.0-109.50.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-60.3.0-109.50.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-60.3.0-109.50.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP3:MozillaFirefox-devel-60.3.0-109.50.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP3:MozillaFirefox-devel-60.3.0-109.50.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP3:MozillaFirefox-devel-60.3.0-109.50.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP3:MozillaFirefox-devel-60.3.0-109.50.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:MozillaFirefox-60.3.0-109.50.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:MozillaFirefox-60.3.0-109.50.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:MozillaFirefox-devel-60.3.0-109.50.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:MozillaFirefox-devel-60.3.0-109.50.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
6.1 (Medium)
Affected products
Recommended
67 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Enterprise Storage 4:MozillaFirefox-60.3.0-109.50.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 4:MozillaFirefox-devel-60.3.0-109.50.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 4:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Desktop 12 SP3:MozillaFirefox-60.3.0-109.50.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Desktop 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-60.3.0-109.50.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-60.3.0-109.50.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-60.3.0-109.50.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-BCL:MozillaFirefox-60.3.0-109.50.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-BCL:MozillaFirefox-devel-60.3.0-109.50.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-BCL:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-60.3.0-109.50.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-60.3.0-109.50.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-60.3.0-109.50.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-60.3.0-109.50.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-60.3.0-109.50.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-60.3.0-109.50.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-60.3.0-109.50.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-60.3.0-109.50.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-60.3.0-109.50.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-60.3.0-109.50.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-60.3.0-109.50.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-60.3.0-109.50.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-devel-60.3.0-109.50.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-devel-60.3.0-109.50.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-60.3.0-109.50.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-60.3.0-109.50.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-60.3.0-109.50.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-60.3.0-109.50.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP3:MozillaFirefox-devel-60.3.0-109.50.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP3:MozillaFirefox-devel-60.3.0-109.50.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP3:MozillaFirefox-devel-60.3.0-109.50.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP3:MozillaFirefox-devel-60.3.0-109.50.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:MozillaFirefox-60.3.0-109.50.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:MozillaFirefox-60.3.0-109.50.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:MozillaFirefox-devel-60.3.0-109.50.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:MozillaFirefox-devel-60.3.0-109.50.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
6.1 (Medium)
Affected products
Recommended
67 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Enterprise Storage 4:MozillaFirefox-60.3.0-109.50.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 4:MozillaFirefox-devel-60.3.0-109.50.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 4:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Desktop 12 SP3:MozillaFirefox-60.3.0-109.50.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Desktop 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-60.3.0-109.50.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-60.3.0-109.50.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-60.3.0-109.50.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-BCL:MozillaFirefox-60.3.0-109.50.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-BCL:MozillaFirefox-devel-60.3.0-109.50.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-BCL:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-60.3.0-109.50.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-60.3.0-109.50.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-60.3.0-109.50.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-60.3.0-109.50.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-60.3.0-109.50.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-60.3.0-109.50.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-60.3.0-109.50.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-60.3.0-109.50.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-60.3.0-109.50.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-60.3.0-109.50.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-60.3.0-109.50.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-60.3.0-109.50.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-devel-60.3.0-109.50.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-devel-60.3.0-109.50.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-60.3.0-109.50.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-60.3.0-109.50.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-60.3.0-109.50.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-60.3.0-109.50.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP3:MozillaFirefox-devel-60.3.0-109.50.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP3:MozillaFirefox-devel-60.3.0-109.50.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP3:MozillaFirefox-devel-60.3.0-109.50.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP3:MozillaFirefox-devel-60.3.0-109.50.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:MozillaFirefox-60.3.0-109.50.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:MozillaFirefox-60.3.0-109.50.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:MozillaFirefox-devel-60.3.0-109.50.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:MozillaFirefox-devel-60.3.0-109.50.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
26 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for MozillaFirefox",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for MozillaFirefox fixes the following issues:\n\nSecurity issues fixed:\n\n- Update to Mozilla Firefox 60.3.0esr: MFSA 2018-27 (bsc#1112852)\n- CVE-2018-12392: Crash with nested event loops.\n- CVE-2018-12393: Integer overflow during Unicode conversion while loading JavaScript.\n- CVE-2018-12395: WebExtension bypass of domain restrictions through header rewriting.\n- CVE-2018-12396: WebExtension content scripts can execute in disallowed contexts.\n- CVE-2018-12397: WebExtension local file access vulnerability.\n- CVE-2018-12389: Memory safety bugs fixed in Firefox ESR 60.3.\n- CVE-2018-12390: Memory safety bugs fixed in Firefox 63 and Firefox ESR 60.3.\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-OpenStack-Cloud-7-2018-2648,SUSE-SLE-DESKTOP-12-SP3-2018-2648,SUSE-SLE-SAP-12-SP2-2018-2648,SUSE-SLE-SDK-12-SP3-2018-2648,SUSE-SLE-SERVER-12-2018-2648,SUSE-SLE-SERVER-12-SP1-2018-2648,SUSE-SLE-SERVER-12-SP2-2018-2648,SUSE-SLE-SERVER-12-SP2-BCL-2018-2648,SUSE-SLE-SERVER-12-SP3-2018-2648,SUSE-Storage-4-2018-2648",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2018_3749-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2018:3749-1",
"url": "https://www.suse.com/support/update/announcement/2018/suse-su-20183749-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2018:3749-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2018-November/004846.html"
},
{
"category": "self",
"summary": "SUSE Bug 1112852",
"url": "https://bugzilla.suse.com/1112852"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-12389 page",
"url": "https://www.suse.com/security/cve/CVE-2018-12389/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-12390 page",
"url": "https://www.suse.com/security/cve/CVE-2018-12390/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-12392 page",
"url": "https://www.suse.com/security/cve/CVE-2018-12392/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-12393 page",
"url": "https://www.suse.com/security/cve/CVE-2018-12393/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-12395 page",
"url": "https://www.suse.com/security/cve/CVE-2018-12395/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-12396 page",
"url": "https://www.suse.com/security/cve/CVE-2018-12396/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-12397 page",
"url": "https://www.suse.com/security/cve/CVE-2018-12397/"
}
],
"title": "Security update for MozillaFirefox",
"tracking": {
"current_release_date": "2018-11-13T07:38:40Z",
"generator": {
"date": "2018-11-13T07:38:40Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2018:3749-1",
"initial_release_date": "2018-11-13T07:38:40Z",
"revision_history": [
{
"date": "2018-11-13T07:38:40Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "MozillaFirefox-devel-60.3.0-109.50.2.aarch64",
"product": {
"name": "MozillaFirefox-devel-60.3.0-109.50.2.aarch64",
"product_id": "MozillaFirefox-devel-60.3.0-109.50.2.aarch64"
}
},
{
"category": "product_version",
"name": "MozillaFirefox-60.3.0-109.50.2.aarch64",
"product": {
"name": "MozillaFirefox-60.3.0-109.50.2.aarch64",
"product_id": "MozillaFirefox-60.3.0-109.50.2.aarch64"
}
},
{
"category": "product_version",
"name": "MozillaFirefox-translations-common-60.3.0-109.50.2.aarch64",
"product": {
"name": "MozillaFirefox-translations-common-60.3.0-109.50.2.aarch64",
"product_id": "MozillaFirefox-translations-common-60.3.0-109.50.2.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "MozillaFirefox-60.3.0-109.50.2.ppc64le",
"product": {
"name": "MozillaFirefox-60.3.0-109.50.2.ppc64le",
"product_id": "MozillaFirefox-60.3.0-109.50.2.ppc64le"
}
},
{
"category": "product_version",
"name": "MozillaFirefox-devel-60.3.0-109.50.2.ppc64le",
"product": {
"name": "MozillaFirefox-devel-60.3.0-109.50.2.ppc64le",
"product_id": "MozillaFirefox-devel-60.3.0-109.50.2.ppc64le"
}
},
{
"category": "product_version",
"name": "MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le",
"product": {
"name": "MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le",
"product_id": "MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "MozillaFirefox-60.3.0-109.50.2.s390x",
"product": {
"name": "MozillaFirefox-60.3.0-109.50.2.s390x",
"product_id": "MozillaFirefox-60.3.0-109.50.2.s390x"
}
},
{
"category": "product_version",
"name": "MozillaFirefox-devel-60.3.0-109.50.2.s390x",
"product": {
"name": "MozillaFirefox-devel-60.3.0-109.50.2.s390x",
"product_id": "MozillaFirefox-devel-60.3.0-109.50.2.s390x"
}
},
{
"category": "product_version",
"name": "MozillaFirefox-translations-common-60.3.0-109.50.2.s390x",
"product": {
"name": "MozillaFirefox-translations-common-60.3.0-109.50.2.s390x",
"product_id": "MozillaFirefox-translations-common-60.3.0-109.50.2.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "MozillaFirefox-60.3.0-109.50.2.x86_64",
"product": {
"name": "MozillaFirefox-60.3.0-109.50.2.x86_64",
"product_id": "MozillaFirefox-60.3.0-109.50.2.x86_64"
}
},
{
"category": "product_version",
"name": "MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"product": {
"name": "MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"product_id": "MozillaFirefox-devel-60.3.0-109.50.2.x86_64"
}
},
{
"category": "product_version",
"name": "MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"product": {
"name": "MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"product_id": "MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE OpenStack Cloud 7",
"product": {
"name": "SUSE OpenStack Cloud 7",
"product_id": "SUSE OpenStack Cloud 7",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-openstack-cloud:7"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Desktop 12 SP3",
"product": {
"name": "SUSE Linux Enterprise Desktop 12 SP3",
"product_id": "SUSE Linux Enterprise Desktop 12 SP3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sled:12:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:12:sp2"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Software Development Kit 12 SP3",
"product": {
"name": "SUSE Linux Enterprise Software Development Kit 12 SP3",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-sdk:12:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 12-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 12-LTSS",
"product_id": "SUSE Linux Enterprise Server 12-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:12"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 12 SP1-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 12 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP1-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:12:sp1"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 12 SP2-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 12 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP2-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:12:sp2"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 12 SP2-BCL",
"product": {
"name": "SUSE Linux Enterprise Server 12 SP2-BCL",
"product_id": "SUSE Linux Enterprise Server 12 SP2-BCL",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-bcl:12:sp2"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 12 SP3",
"product": {
"name": "SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles:12:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:12:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Enterprise Storage 4",
"product": {
"name": "SUSE Enterprise Storage 4",
"product_id": "SUSE Enterprise Storage 4",
"product_identification_helper": {
"cpe": "cpe:/o:suse:ses:4"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-60.3.0-109.50.2.s390x as component of SUSE OpenStack Cloud 7",
"product_id": "SUSE OpenStack Cloud 7:MozillaFirefox-60.3.0-109.50.2.s390x"
},
"product_reference": "MozillaFirefox-60.3.0-109.50.2.s390x",
"relates_to_product_reference": "SUSE OpenStack Cloud 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-60.3.0-109.50.2.x86_64 as component of SUSE OpenStack Cloud 7",
"product_id": "SUSE OpenStack Cloud 7:MozillaFirefox-60.3.0-109.50.2.x86_64"
},
"product_reference": "MozillaFirefox-60.3.0-109.50.2.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-devel-60.3.0-109.50.2.s390x as component of SUSE OpenStack Cloud 7",
"product_id": "SUSE OpenStack Cloud 7:MozillaFirefox-devel-60.3.0-109.50.2.s390x"
},
"product_reference": "MozillaFirefox-devel-60.3.0-109.50.2.s390x",
"relates_to_product_reference": "SUSE OpenStack Cloud 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-devel-60.3.0-109.50.2.x86_64 as component of SUSE OpenStack Cloud 7",
"product_id": "SUSE OpenStack Cloud 7:MozillaFirefox-devel-60.3.0-109.50.2.x86_64"
},
"product_reference": "MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-translations-common-60.3.0-109.50.2.s390x as component of SUSE OpenStack Cloud 7",
"product_id": "SUSE OpenStack Cloud 7:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x"
},
"product_reference": "MozillaFirefox-translations-common-60.3.0-109.50.2.s390x",
"relates_to_product_reference": "SUSE OpenStack Cloud 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64 as component of SUSE OpenStack Cloud 7",
"product_id": "SUSE OpenStack Cloud 7:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64"
},
"product_reference": "MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-60.3.0-109.50.2.x86_64 as component of SUSE Linux Enterprise Desktop 12 SP3",
"product_id": "SUSE Linux Enterprise Desktop 12 SP3:MozillaFirefox-60.3.0-109.50.2.x86_64"
},
"product_reference": "MozillaFirefox-60.3.0-109.50.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Desktop 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64 as component of SUSE Linux Enterprise Desktop 12 SP3",
"product_id": "SUSE Linux Enterprise Desktop 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64"
},
"product_reference": "MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Desktop 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-60.3.0-109.50.2.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-60.3.0-109.50.2.ppc64le"
},
"product_reference": "MozillaFirefox-60.3.0-109.50.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-60.3.0-109.50.2.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-60.3.0-109.50.2.x86_64"
},
"product_reference": "MozillaFirefox-60.3.0-109.50.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-devel-60.3.0-109.50.2.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-devel-60.3.0-109.50.2.ppc64le"
},
"product_reference": "MozillaFirefox-devel-60.3.0-109.50.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-devel-60.3.0-109.50.2.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-devel-60.3.0-109.50.2.x86_64"
},
"product_reference": "MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le"
},
"product_reference": "MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64"
},
"product_reference": "MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-devel-60.3.0-109.50.2.aarch64 as component of SUSE Linux Enterprise Software Development Kit 12 SP3",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP3:MozillaFirefox-devel-60.3.0-109.50.2.aarch64"
},
"product_reference": "MozillaFirefox-devel-60.3.0-109.50.2.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-devel-60.3.0-109.50.2.ppc64le as component of SUSE Linux Enterprise Software Development Kit 12 SP3",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP3:MozillaFirefox-devel-60.3.0-109.50.2.ppc64le"
},
"product_reference": "MozillaFirefox-devel-60.3.0-109.50.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-devel-60.3.0-109.50.2.s390x as component of SUSE Linux Enterprise Software Development Kit 12 SP3",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP3:MozillaFirefox-devel-60.3.0-109.50.2.s390x"
},
"product_reference": "MozillaFirefox-devel-60.3.0-109.50.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-devel-60.3.0-109.50.2.x86_64 as component of SUSE Linux Enterprise Software Development Kit 12 SP3",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP3:MozillaFirefox-devel-60.3.0-109.50.2.x86_64"
},
"product_reference": "MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-60.3.0-109.50.2.ppc64le as component of SUSE Linux Enterprise Server 12-LTSS",
"product_id": "SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-60.3.0-109.50.2.ppc64le"
},
"product_reference": "MozillaFirefox-60.3.0-109.50.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-60.3.0-109.50.2.s390x as component of SUSE Linux Enterprise Server 12-LTSS",
"product_id": "SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-60.3.0-109.50.2.s390x"
},
"product_reference": "MozillaFirefox-60.3.0-109.50.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-60.3.0-109.50.2.x86_64 as component of SUSE Linux Enterprise Server 12-LTSS",
"product_id": "SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-60.3.0-109.50.2.x86_64"
},
"product_reference": "MozillaFirefox-60.3.0-109.50.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-devel-60.3.0-109.50.2.ppc64le as component of SUSE Linux Enterprise Server 12-LTSS",
"product_id": "SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.ppc64le"
},
"product_reference": "MozillaFirefox-devel-60.3.0-109.50.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-devel-60.3.0-109.50.2.s390x as component of SUSE Linux Enterprise Server 12-LTSS",
"product_id": "SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.s390x"
},
"product_reference": "MozillaFirefox-devel-60.3.0-109.50.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-devel-60.3.0-109.50.2.x86_64 as component of SUSE Linux Enterprise Server 12-LTSS",
"product_id": "SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.x86_64"
},
"product_reference": "MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le as component of SUSE Linux Enterprise Server 12-LTSS",
"product_id": "SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le"
},
"product_reference": "MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-translations-common-60.3.0-109.50.2.s390x as component of SUSE Linux Enterprise Server 12-LTSS",
"product_id": "SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x"
},
"product_reference": "MozillaFirefox-translations-common-60.3.0-109.50.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64 as component of SUSE Linux Enterprise Server 12-LTSS",
"product_id": "SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64"
},
"product_reference": "MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-60.3.0-109.50.2.ppc64le as component of SUSE Linux Enterprise Server 12 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-60.3.0-109.50.2.ppc64le"
},
"product_reference": "MozillaFirefox-60.3.0-109.50.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-60.3.0-109.50.2.s390x as component of SUSE Linux Enterprise Server 12 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-60.3.0-109.50.2.s390x"
},
"product_reference": "MozillaFirefox-60.3.0-109.50.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-60.3.0-109.50.2.x86_64 as component of SUSE Linux Enterprise Server 12 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-60.3.0-109.50.2.x86_64"
},
"product_reference": "MozillaFirefox-60.3.0-109.50.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-devel-60.3.0-109.50.2.ppc64le as component of SUSE Linux Enterprise Server 12 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.ppc64le"
},
"product_reference": "MozillaFirefox-devel-60.3.0-109.50.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-devel-60.3.0-109.50.2.s390x as component of SUSE Linux Enterprise Server 12 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.s390x"
},
"product_reference": "MozillaFirefox-devel-60.3.0-109.50.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-devel-60.3.0-109.50.2.x86_64 as component of SUSE Linux Enterprise Server 12 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.x86_64"
},
"product_reference": "MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le as component of SUSE Linux Enterprise Server 12 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le"
},
"product_reference": "MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-translations-common-60.3.0-109.50.2.s390x as component of SUSE Linux Enterprise Server 12 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x"
},
"product_reference": "MozillaFirefox-translations-common-60.3.0-109.50.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64 as component of SUSE Linux Enterprise Server 12 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64"
},
"product_reference": "MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-60.3.0-109.50.2.ppc64le as component of SUSE Linux Enterprise Server 12 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-60.3.0-109.50.2.ppc64le"
},
"product_reference": "MozillaFirefox-60.3.0-109.50.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-60.3.0-109.50.2.s390x as component of SUSE Linux Enterprise Server 12 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-60.3.0-109.50.2.s390x"
},
"product_reference": "MozillaFirefox-60.3.0-109.50.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-60.3.0-109.50.2.x86_64 as component of SUSE Linux Enterprise Server 12 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-60.3.0-109.50.2.x86_64"
},
"product_reference": "MozillaFirefox-60.3.0-109.50.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-devel-60.3.0-109.50.2.ppc64le as component of SUSE Linux Enterprise Server 12 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.ppc64le"
},
"product_reference": "MozillaFirefox-devel-60.3.0-109.50.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-devel-60.3.0-109.50.2.s390x as component of SUSE Linux Enterprise Server 12 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.s390x"
},
"product_reference": "MozillaFirefox-devel-60.3.0-109.50.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-devel-60.3.0-109.50.2.x86_64 as component of SUSE Linux Enterprise Server 12 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.x86_64"
},
"product_reference": "MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le as component of SUSE Linux Enterprise Server 12 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le"
},
"product_reference": "MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-translations-common-60.3.0-109.50.2.s390x as component of SUSE Linux Enterprise Server 12 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x"
},
"product_reference": "MozillaFirefox-translations-common-60.3.0-109.50.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64 as component of SUSE Linux Enterprise Server 12 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64"
},
"product_reference": "MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-60.3.0-109.50.2.x86_64 as component of SUSE Linux Enterprise Server 12 SP2-BCL",
"product_id": "SUSE Linux Enterprise Server 12 SP2-BCL:MozillaFirefox-60.3.0-109.50.2.x86_64"
},
"product_reference": "MozillaFirefox-60.3.0-109.50.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-BCL"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-devel-60.3.0-109.50.2.x86_64 as component of SUSE Linux Enterprise Server 12 SP2-BCL",
"product_id": "SUSE Linux Enterprise Server 12 SP2-BCL:MozillaFirefox-devel-60.3.0-109.50.2.x86_64"
},
"product_reference": "MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-BCL"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64 as component of SUSE Linux Enterprise Server 12 SP2-BCL",
"product_id": "SUSE Linux Enterprise Server 12 SP2-BCL:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64"
},
"product_reference": "MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-BCL"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-60.3.0-109.50.2.aarch64 as component of SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-60.3.0-109.50.2.aarch64"
},
"product_reference": "MozillaFirefox-60.3.0-109.50.2.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-60.3.0-109.50.2.ppc64le as component of SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-60.3.0-109.50.2.ppc64le"
},
"product_reference": "MozillaFirefox-60.3.0-109.50.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-60.3.0-109.50.2.s390x as component of SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-60.3.0-109.50.2.s390x"
},
"product_reference": "MozillaFirefox-60.3.0-109.50.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-60.3.0-109.50.2.x86_64 as component of SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-60.3.0-109.50.2.x86_64"
},
"product_reference": "MozillaFirefox-60.3.0-109.50.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-translations-common-60.3.0-109.50.2.aarch64 as component of SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.aarch64"
},
"product_reference": "MozillaFirefox-translations-common-60.3.0-109.50.2.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le as component of SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le"
},
"product_reference": "MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-translations-common-60.3.0-109.50.2.s390x as component of SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x"
},
"product_reference": "MozillaFirefox-translations-common-60.3.0-109.50.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64 as component of SUSE Linux Enterprise Server 12 SP3",
"product_id": "SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64"
},
"product_reference": "MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-60.3.0-109.50.2.aarch64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-60.3.0-109.50.2.aarch64"
},
"product_reference": "MozillaFirefox-60.3.0-109.50.2.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-60.3.0-109.50.2.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-60.3.0-109.50.2.ppc64le"
},
"product_reference": "MozillaFirefox-60.3.0-109.50.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-60.3.0-109.50.2.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-60.3.0-109.50.2.s390x"
},
"product_reference": "MozillaFirefox-60.3.0-109.50.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-60.3.0-109.50.2.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-60.3.0-109.50.2.x86_64"
},
"product_reference": "MozillaFirefox-60.3.0-109.50.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-translations-common-60.3.0-109.50.2.aarch64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.aarch64"
},
"product_reference": "MozillaFirefox-translations-common-60.3.0-109.50.2.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le"
},
"product_reference": "MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-translations-common-60.3.0-109.50.2.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x"
},
"product_reference": "MozillaFirefox-translations-common-60.3.0-109.50.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64"
},
"product_reference": "MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-60.3.0-109.50.2.x86_64 as component of SUSE Enterprise Storage 4",
"product_id": "SUSE Enterprise Storage 4:MozillaFirefox-60.3.0-109.50.2.x86_64"
},
"product_reference": "MozillaFirefox-60.3.0-109.50.2.x86_64",
"relates_to_product_reference": "SUSE Enterprise Storage 4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-devel-60.3.0-109.50.2.x86_64 as component of SUSE Enterprise Storage 4",
"product_id": "SUSE Enterprise Storage 4:MozillaFirefox-devel-60.3.0-109.50.2.x86_64"
},
"product_reference": "MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"relates_to_product_reference": "SUSE Enterprise Storage 4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64 as component of SUSE Enterprise Storage 4",
"product_id": "SUSE Enterprise Storage 4:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64"
},
"product_reference": "MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"relates_to_product_reference": "SUSE Enterprise Storage 4"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2018-12389",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-12389"
}
],
"notes": [
{
"category": "general",
"text": "Mozilla developers and community members reported memory safety bugs present in Firefox ESR 60.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox ESR \u003c 60.3 and Thunderbird \u003c 60.3.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Enterprise Storage 4:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Enterprise Storage 4:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"SUSE Enterprise Storage 4:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-devel-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:MozillaFirefox-devel-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:MozillaFirefox-devel-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP3:MozillaFirefox-devel-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP3:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"SUSE OpenStack Cloud 7:MozillaFirefox-60.3.0-109.50.2.s390x",
"SUSE OpenStack Cloud 7:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE OpenStack Cloud 7:MozillaFirefox-devel-60.3.0-109.50.2.s390x",
"SUSE OpenStack Cloud 7:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"SUSE OpenStack Cloud 7:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x",
"SUSE OpenStack Cloud 7:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-12389",
"url": "https://www.suse.com/security/cve/CVE-2018-12389"
},
{
"category": "external",
"summary": "SUSE Bug 1112852 for CVE-2018-12389",
"url": "https://bugzilla.suse.com/1112852"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Enterprise Storage 4:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Enterprise Storage 4:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"SUSE Enterprise Storage 4:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-devel-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:MozillaFirefox-devel-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:MozillaFirefox-devel-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP3:MozillaFirefox-devel-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP3:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"SUSE OpenStack Cloud 7:MozillaFirefox-60.3.0-109.50.2.s390x",
"SUSE OpenStack Cloud 7:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE OpenStack Cloud 7:MozillaFirefox-devel-60.3.0-109.50.2.s390x",
"SUSE OpenStack Cloud 7:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"SUSE OpenStack Cloud 7:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x",
"SUSE OpenStack Cloud 7:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Enterprise Storage 4:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Enterprise Storage 4:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"SUSE Enterprise Storage 4:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-devel-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:MozillaFirefox-devel-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:MozillaFirefox-devel-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP3:MozillaFirefox-devel-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP3:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"SUSE OpenStack Cloud 7:MozillaFirefox-60.3.0-109.50.2.s390x",
"SUSE OpenStack Cloud 7:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE OpenStack Cloud 7:MozillaFirefox-devel-60.3.0-109.50.2.s390x",
"SUSE OpenStack Cloud 7:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"SUSE OpenStack Cloud 7:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x",
"SUSE OpenStack Cloud 7:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-11-13T07:38:40Z",
"details": "important"
}
],
"title": "CVE-2018-12389"
},
{
"cve": "CVE-2018-12390",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-12390"
}
],
"notes": [
{
"category": "general",
"text": "Mozilla developers and community members reported memory safety bugs present in Firefox 62 and Firefox ESR 60.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox \u003c 63, Firefox ESR \u003c 60.3, and Thunderbird \u003c 60.3.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Enterprise Storage 4:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Enterprise Storage 4:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"SUSE Enterprise Storage 4:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-devel-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:MozillaFirefox-devel-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:MozillaFirefox-devel-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP3:MozillaFirefox-devel-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP3:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"SUSE OpenStack Cloud 7:MozillaFirefox-60.3.0-109.50.2.s390x",
"SUSE OpenStack Cloud 7:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE OpenStack Cloud 7:MozillaFirefox-devel-60.3.0-109.50.2.s390x",
"SUSE OpenStack Cloud 7:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"SUSE OpenStack Cloud 7:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x",
"SUSE OpenStack Cloud 7:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-12390",
"url": "https://www.suse.com/security/cve/CVE-2018-12390"
},
{
"category": "external",
"summary": "SUSE Bug 1112852 for CVE-2018-12390",
"url": "https://bugzilla.suse.com/1112852"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Enterprise Storage 4:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Enterprise Storage 4:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"SUSE Enterprise Storage 4:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-devel-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:MozillaFirefox-devel-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:MozillaFirefox-devel-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP3:MozillaFirefox-devel-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP3:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"SUSE OpenStack Cloud 7:MozillaFirefox-60.3.0-109.50.2.s390x",
"SUSE OpenStack Cloud 7:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE OpenStack Cloud 7:MozillaFirefox-devel-60.3.0-109.50.2.s390x",
"SUSE OpenStack Cloud 7:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"SUSE OpenStack Cloud 7:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x",
"SUSE OpenStack Cloud 7:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Enterprise Storage 4:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Enterprise Storage 4:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"SUSE Enterprise Storage 4:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-devel-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:MozillaFirefox-devel-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:MozillaFirefox-devel-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP3:MozillaFirefox-devel-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP3:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"SUSE OpenStack Cloud 7:MozillaFirefox-60.3.0-109.50.2.s390x",
"SUSE OpenStack Cloud 7:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE OpenStack Cloud 7:MozillaFirefox-devel-60.3.0-109.50.2.s390x",
"SUSE OpenStack Cloud 7:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"SUSE OpenStack Cloud 7:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x",
"SUSE OpenStack Cloud 7:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-11-13T07:38:40Z",
"details": "important"
}
],
"title": "CVE-2018-12390"
},
{
"cve": "CVE-2018-12392",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-12392"
}
],
"notes": [
{
"category": "general",
"text": "When manipulating user events in nested loops while opening a document through script, it is possible to trigger a potentially exploitable crash due to poor event handling. This vulnerability affects Firefox \u003c 63, Firefox ESR \u003c 60.3, and Thunderbird \u003c 60.3.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Enterprise Storage 4:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Enterprise Storage 4:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"SUSE Enterprise Storage 4:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-devel-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:MozillaFirefox-devel-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:MozillaFirefox-devel-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP3:MozillaFirefox-devel-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP3:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"SUSE OpenStack Cloud 7:MozillaFirefox-60.3.0-109.50.2.s390x",
"SUSE OpenStack Cloud 7:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE OpenStack Cloud 7:MozillaFirefox-devel-60.3.0-109.50.2.s390x",
"SUSE OpenStack Cloud 7:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"SUSE OpenStack Cloud 7:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x",
"SUSE OpenStack Cloud 7:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-12392",
"url": "https://www.suse.com/security/cve/CVE-2018-12392"
},
{
"category": "external",
"summary": "SUSE Bug 1112852 for CVE-2018-12392",
"url": "https://bugzilla.suse.com/1112852"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Enterprise Storage 4:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Enterprise Storage 4:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"SUSE Enterprise Storage 4:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-devel-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:MozillaFirefox-devel-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:MozillaFirefox-devel-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP3:MozillaFirefox-devel-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP3:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"SUSE OpenStack Cloud 7:MozillaFirefox-60.3.0-109.50.2.s390x",
"SUSE OpenStack Cloud 7:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE OpenStack Cloud 7:MozillaFirefox-devel-60.3.0-109.50.2.s390x",
"SUSE OpenStack Cloud 7:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"SUSE OpenStack Cloud 7:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x",
"SUSE OpenStack Cloud 7:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Enterprise Storage 4:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Enterprise Storage 4:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"SUSE Enterprise Storage 4:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-devel-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:MozillaFirefox-devel-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:MozillaFirefox-devel-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP3:MozillaFirefox-devel-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP3:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"SUSE OpenStack Cloud 7:MozillaFirefox-60.3.0-109.50.2.s390x",
"SUSE OpenStack Cloud 7:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE OpenStack Cloud 7:MozillaFirefox-devel-60.3.0-109.50.2.s390x",
"SUSE OpenStack Cloud 7:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"SUSE OpenStack Cloud 7:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x",
"SUSE OpenStack Cloud 7:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-11-13T07:38:40Z",
"details": "important"
}
],
"title": "CVE-2018-12392"
},
{
"cve": "CVE-2018-12393",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-12393"
}
],
"notes": [
{
"category": "general",
"text": "A potential vulnerability was found in 32-bit builds where an integer overflow during the conversion of scripts to an internal UTF-16 representation could result in allocating a buffer too small for the conversion. This leads to a possible out-of-bounds write. *Note: 64-bit builds are not vulnerable to this issue.*. This vulnerability affects Firefox \u003c 63, Firefox ESR \u003c 60.3, and Thunderbird \u003c 60.3.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Enterprise Storage 4:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Enterprise Storage 4:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"SUSE Enterprise Storage 4:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-devel-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:MozillaFirefox-devel-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:MozillaFirefox-devel-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP3:MozillaFirefox-devel-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP3:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"SUSE OpenStack Cloud 7:MozillaFirefox-60.3.0-109.50.2.s390x",
"SUSE OpenStack Cloud 7:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE OpenStack Cloud 7:MozillaFirefox-devel-60.3.0-109.50.2.s390x",
"SUSE OpenStack Cloud 7:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"SUSE OpenStack Cloud 7:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x",
"SUSE OpenStack Cloud 7:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-12393",
"url": "https://www.suse.com/security/cve/CVE-2018-12393"
},
{
"category": "external",
"summary": "SUSE Bug 1112852 for CVE-2018-12393",
"url": "https://bugzilla.suse.com/1112852"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Enterprise Storage 4:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Enterprise Storage 4:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"SUSE Enterprise Storage 4:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-devel-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:MozillaFirefox-devel-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:MozillaFirefox-devel-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP3:MozillaFirefox-devel-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP3:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"SUSE OpenStack Cloud 7:MozillaFirefox-60.3.0-109.50.2.s390x",
"SUSE OpenStack Cloud 7:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE OpenStack Cloud 7:MozillaFirefox-devel-60.3.0-109.50.2.s390x",
"SUSE OpenStack Cloud 7:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"SUSE OpenStack Cloud 7:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x",
"SUSE OpenStack Cloud 7:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Enterprise Storage 4:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Enterprise Storage 4:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"SUSE Enterprise Storage 4:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-devel-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:MozillaFirefox-devel-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:MozillaFirefox-devel-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP3:MozillaFirefox-devel-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP3:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"SUSE OpenStack Cloud 7:MozillaFirefox-60.3.0-109.50.2.s390x",
"SUSE OpenStack Cloud 7:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE OpenStack Cloud 7:MozillaFirefox-devel-60.3.0-109.50.2.s390x",
"SUSE OpenStack Cloud 7:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"SUSE OpenStack Cloud 7:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x",
"SUSE OpenStack Cloud 7:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-11-13T07:38:40Z",
"details": "important"
}
],
"title": "CVE-2018-12393"
},
{
"cve": "CVE-2018-12395",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-12395"
}
],
"notes": [
{
"category": "general",
"text": "By rewriting the Host: request headers using the webRequest API, a WebExtension can bypass domain restrictions through domain fronting. This would allow access to domains that share a host that are otherwise restricted. This vulnerability affects Firefox ESR \u003c 60.3 and Firefox \u003c 63.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Enterprise Storage 4:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Enterprise Storage 4:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"SUSE Enterprise Storage 4:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-devel-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:MozillaFirefox-devel-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:MozillaFirefox-devel-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP3:MozillaFirefox-devel-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP3:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"SUSE OpenStack Cloud 7:MozillaFirefox-60.3.0-109.50.2.s390x",
"SUSE OpenStack Cloud 7:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE OpenStack Cloud 7:MozillaFirefox-devel-60.3.0-109.50.2.s390x",
"SUSE OpenStack Cloud 7:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"SUSE OpenStack Cloud 7:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x",
"SUSE OpenStack Cloud 7:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-12395",
"url": "https://www.suse.com/security/cve/CVE-2018-12395"
},
{
"category": "external",
"summary": "SUSE Bug 1112852 for CVE-2018-12395",
"url": "https://bugzilla.suse.com/1112852"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Enterprise Storage 4:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Enterprise Storage 4:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"SUSE Enterprise Storage 4:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-devel-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:MozillaFirefox-devel-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:MozillaFirefox-devel-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP3:MozillaFirefox-devel-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP3:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"SUSE OpenStack Cloud 7:MozillaFirefox-60.3.0-109.50.2.s390x",
"SUSE OpenStack Cloud 7:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE OpenStack Cloud 7:MozillaFirefox-devel-60.3.0-109.50.2.s390x",
"SUSE OpenStack Cloud 7:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"SUSE OpenStack Cloud 7:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x",
"SUSE OpenStack Cloud 7:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"SUSE Enterprise Storage 4:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Enterprise Storage 4:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"SUSE Enterprise Storage 4:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-devel-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:MozillaFirefox-devel-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:MozillaFirefox-devel-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP3:MozillaFirefox-devel-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP3:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"SUSE OpenStack Cloud 7:MozillaFirefox-60.3.0-109.50.2.s390x",
"SUSE OpenStack Cloud 7:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE OpenStack Cloud 7:MozillaFirefox-devel-60.3.0-109.50.2.s390x",
"SUSE OpenStack Cloud 7:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"SUSE OpenStack Cloud 7:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x",
"SUSE OpenStack Cloud 7:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-11-13T07:38:40Z",
"details": "important"
}
],
"title": "CVE-2018-12395"
},
{
"cve": "CVE-2018-12396",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-12396"
}
],
"notes": [
{
"category": "general",
"text": "A vulnerability where a WebExtension can run content scripts in disallowed contexts following navigation or other events. This allows for potential privilege escalation by the WebExtension on sites where content scripts should not be run. This vulnerability affects Firefox ESR \u003c 60.3 and Firefox \u003c 63.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Enterprise Storage 4:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Enterprise Storage 4:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"SUSE Enterprise Storage 4:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-devel-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:MozillaFirefox-devel-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:MozillaFirefox-devel-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP3:MozillaFirefox-devel-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP3:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"SUSE OpenStack Cloud 7:MozillaFirefox-60.3.0-109.50.2.s390x",
"SUSE OpenStack Cloud 7:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE OpenStack Cloud 7:MozillaFirefox-devel-60.3.0-109.50.2.s390x",
"SUSE OpenStack Cloud 7:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"SUSE OpenStack Cloud 7:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x",
"SUSE OpenStack Cloud 7:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-12396",
"url": "https://www.suse.com/security/cve/CVE-2018-12396"
},
{
"category": "external",
"summary": "SUSE Bug 1112852 for CVE-2018-12396",
"url": "https://bugzilla.suse.com/1112852"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Enterprise Storage 4:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Enterprise Storage 4:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"SUSE Enterprise Storage 4:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-devel-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:MozillaFirefox-devel-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:MozillaFirefox-devel-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP3:MozillaFirefox-devel-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP3:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"SUSE OpenStack Cloud 7:MozillaFirefox-60.3.0-109.50.2.s390x",
"SUSE OpenStack Cloud 7:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE OpenStack Cloud 7:MozillaFirefox-devel-60.3.0-109.50.2.s390x",
"SUSE OpenStack Cloud 7:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"SUSE OpenStack Cloud 7:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x",
"SUSE OpenStack Cloud 7:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"SUSE Enterprise Storage 4:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Enterprise Storage 4:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"SUSE Enterprise Storage 4:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-devel-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:MozillaFirefox-devel-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:MozillaFirefox-devel-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP3:MozillaFirefox-devel-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP3:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"SUSE OpenStack Cloud 7:MozillaFirefox-60.3.0-109.50.2.s390x",
"SUSE OpenStack Cloud 7:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE OpenStack Cloud 7:MozillaFirefox-devel-60.3.0-109.50.2.s390x",
"SUSE OpenStack Cloud 7:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"SUSE OpenStack Cloud 7:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x",
"SUSE OpenStack Cloud 7:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-11-13T07:38:40Z",
"details": "important"
}
],
"title": "CVE-2018-12396"
},
{
"cve": "CVE-2018-12397",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-12397"
}
],
"notes": [
{
"category": "general",
"text": "A WebExtension can request access to local files without the warning prompt stating that the extension will \"Access your data for all websites\" being displayed to the user. This allows extensions to run content scripts in local pages without permission warnings when a local file is opened. This vulnerability affects Firefox ESR \u003c 60.3 and Firefox \u003c 63.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Enterprise Storage 4:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Enterprise Storage 4:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"SUSE Enterprise Storage 4:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-devel-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:MozillaFirefox-devel-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:MozillaFirefox-devel-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP3:MozillaFirefox-devel-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP3:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"SUSE OpenStack Cloud 7:MozillaFirefox-60.3.0-109.50.2.s390x",
"SUSE OpenStack Cloud 7:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE OpenStack Cloud 7:MozillaFirefox-devel-60.3.0-109.50.2.s390x",
"SUSE OpenStack Cloud 7:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"SUSE OpenStack Cloud 7:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x",
"SUSE OpenStack Cloud 7:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-12397",
"url": "https://www.suse.com/security/cve/CVE-2018-12397"
},
{
"category": "external",
"summary": "SUSE Bug 1112852 for CVE-2018-12397",
"url": "https://bugzilla.suse.com/1112852"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Enterprise Storage 4:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Enterprise Storage 4:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"SUSE Enterprise Storage 4:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-devel-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:MozillaFirefox-devel-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:MozillaFirefox-devel-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP3:MozillaFirefox-devel-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP3:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"SUSE OpenStack Cloud 7:MozillaFirefox-60.3.0-109.50.2.s390x",
"SUSE OpenStack Cloud 7:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE OpenStack Cloud 7:MozillaFirefox-devel-60.3.0-109.50.2.s390x",
"SUSE OpenStack Cloud 7:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"SUSE OpenStack Cloud 7:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x",
"SUSE OpenStack Cloud 7:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"SUSE Enterprise Storage 4:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Enterprise Storage 4:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"SUSE Enterprise Storage 4:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP1-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP2-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-devel-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:MozillaFirefox-devel-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP3:MozillaFirefox-devel-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP3:MozillaFirefox-devel-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP3:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"SUSE OpenStack Cloud 7:MozillaFirefox-60.3.0-109.50.2.s390x",
"SUSE OpenStack Cloud 7:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE OpenStack Cloud 7:MozillaFirefox-devel-60.3.0-109.50.2.s390x",
"SUSE OpenStack Cloud 7:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"SUSE OpenStack Cloud 7:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x",
"SUSE OpenStack Cloud 7:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-11-13T07:38:40Z",
"details": "important"
}
],
"title": "CVE-2018-12397"
}
]
}
SUSE-SU-2018:3749-2
Vulnerability from csaf_suse - Published: 2018-12-06 12:51 - Updated: 2018-12-06 12:51Summary
Security update for MozillaFirefox
Severity
Important
Notes
Title of the patch: Security update for MozillaFirefox
Description of the patch: This update for MozillaFirefox fixes the following issues:
Security issues fixed:
- Update to Mozilla Firefox 60.3.0esr: MFSA 2018-27 (bsc#1112852)
- CVE-2018-12392: Crash with nested event loops.
- CVE-2018-12393: Integer overflow during Unicode conversion while loading JavaScript.
- CVE-2018-12395: WebExtension bypass of domain restrictions through header rewriting.
- CVE-2018-12396: WebExtension content scripts can execute in disallowed contexts.
- CVE-2018-12397: WebExtension local file access vulnerability.
- CVE-2018-12389: Memory safety bugs fixed in Firefox ESR 60.3.
- CVE-2018-12390: Memory safety bugs fixed in Firefox 63 and Firefox ESR 60.3.
Patchnames: SUSE-SLE-DESKTOP-12-SP4-2018-2648,SUSE-SLE-SDK-12-SP4-2018-2648,SUSE-SLE-SERVER-12-SP4-2018-2648
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
8.8 (High)
Affected products
Recommended
22 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Desktop 12 SP4:MozillaFirefox-60.3.0-109.50.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Desktop 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-60.3.0-109.50.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-60.3.0-109.50.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-60.3.0-109.50.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-60.3.0-109.50.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-60.3.0-109.50.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-60.3.0-109.50.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-60.3.0-109.50.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-60.3.0-109.50.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP4:MozillaFirefox-devel-60.3.0-109.50.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP4:MozillaFirefox-devel-60.3.0-109.50.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP4:MozillaFirefox-devel-60.3.0-109.50.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP4:MozillaFirefox-devel-60.3.0-109.50.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.8 (High)
Affected products
Recommended
22 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Desktop 12 SP4:MozillaFirefox-60.3.0-109.50.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Desktop 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-60.3.0-109.50.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-60.3.0-109.50.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-60.3.0-109.50.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-60.3.0-109.50.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-60.3.0-109.50.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-60.3.0-109.50.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-60.3.0-109.50.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-60.3.0-109.50.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP4:MozillaFirefox-devel-60.3.0-109.50.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP4:MozillaFirefox-devel-60.3.0-109.50.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP4:MozillaFirefox-devel-60.3.0-109.50.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP4:MozillaFirefox-devel-60.3.0-109.50.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
22 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Desktop 12 SP4:MozillaFirefox-60.3.0-109.50.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Desktop 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-60.3.0-109.50.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-60.3.0-109.50.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-60.3.0-109.50.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-60.3.0-109.50.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-60.3.0-109.50.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-60.3.0-109.50.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-60.3.0-109.50.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-60.3.0-109.50.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP4:MozillaFirefox-devel-60.3.0-109.50.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP4:MozillaFirefox-devel-60.3.0-109.50.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP4:MozillaFirefox-devel-60.3.0-109.50.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP4:MozillaFirefox-devel-60.3.0-109.50.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
22 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Desktop 12 SP4:MozillaFirefox-60.3.0-109.50.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Desktop 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-60.3.0-109.50.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-60.3.0-109.50.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-60.3.0-109.50.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-60.3.0-109.50.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-60.3.0-109.50.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-60.3.0-109.50.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-60.3.0-109.50.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-60.3.0-109.50.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP4:MozillaFirefox-devel-60.3.0-109.50.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP4:MozillaFirefox-devel-60.3.0-109.50.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP4:MozillaFirefox-devel-60.3.0-109.50.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP4:MozillaFirefox-devel-60.3.0-109.50.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
6.1 (Medium)
Affected products
Recommended
22 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Desktop 12 SP4:MozillaFirefox-60.3.0-109.50.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Desktop 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-60.3.0-109.50.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-60.3.0-109.50.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-60.3.0-109.50.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-60.3.0-109.50.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-60.3.0-109.50.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-60.3.0-109.50.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-60.3.0-109.50.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-60.3.0-109.50.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP4:MozillaFirefox-devel-60.3.0-109.50.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP4:MozillaFirefox-devel-60.3.0-109.50.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP4:MozillaFirefox-devel-60.3.0-109.50.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP4:MozillaFirefox-devel-60.3.0-109.50.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
6.1 (Medium)
Affected products
Recommended
22 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Desktop 12 SP4:MozillaFirefox-60.3.0-109.50.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Desktop 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-60.3.0-109.50.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-60.3.0-109.50.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-60.3.0-109.50.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-60.3.0-109.50.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-60.3.0-109.50.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-60.3.0-109.50.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-60.3.0-109.50.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-60.3.0-109.50.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP4:MozillaFirefox-devel-60.3.0-109.50.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP4:MozillaFirefox-devel-60.3.0-109.50.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP4:MozillaFirefox-devel-60.3.0-109.50.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP4:MozillaFirefox-devel-60.3.0-109.50.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
6.1 (Medium)
Affected products
Recommended
22 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Desktop 12 SP4:MozillaFirefox-60.3.0-109.50.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Desktop 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-60.3.0-109.50.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-60.3.0-109.50.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-60.3.0-109.50.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-60.3.0-109.50.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-60.3.0-109.50.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-60.3.0-109.50.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-60.3.0-109.50.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-60.3.0-109.50.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP4:MozillaFirefox-devel-60.3.0-109.50.2.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP4:MozillaFirefox-devel-60.3.0-109.50.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP4:MozillaFirefox-devel-60.3.0-109.50.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Software Development Kit 12 SP4:MozillaFirefox-devel-60.3.0-109.50.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
26 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for MozillaFirefox",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for MozillaFirefox fixes the following issues:\n\nSecurity issues fixed:\n\n- Update to Mozilla Firefox 60.3.0esr: MFSA 2018-27 (bsc#1112852)\n- CVE-2018-12392: Crash with nested event loops.\n- CVE-2018-12393: Integer overflow during Unicode conversion while loading JavaScript.\n- CVE-2018-12395: WebExtension bypass of domain restrictions through header rewriting.\n- CVE-2018-12396: WebExtension content scripts can execute in disallowed contexts.\n- CVE-2018-12397: WebExtension local file access vulnerability.\n- CVE-2018-12389: Memory safety bugs fixed in Firefox ESR 60.3.\n- CVE-2018-12390: Memory safety bugs fixed in Firefox 63 and Firefox ESR 60.3.\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-SLE-DESKTOP-12-SP4-2018-2648,SUSE-SLE-SDK-12-SP4-2018-2648,SUSE-SLE-SERVER-12-SP4-2018-2648",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2018_3749-2.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2018:3749-2",
"url": "https://www.suse.com/support/update/announcement/2018/suse-su-20183749-2/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2018:3749-2",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2018-December/004932.html"
},
{
"category": "self",
"summary": "SUSE Bug 1112852",
"url": "https://bugzilla.suse.com/1112852"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-12389 page",
"url": "https://www.suse.com/security/cve/CVE-2018-12389/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-12390 page",
"url": "https://www.suse.com/security/cve/CVE-2018-12390/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-12392 page",
"url": "https://www.suse.com/security/cve/CVE-2018-12392/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-12393 page",
"url": "https://www.suse.com/security/cve/CVE-2018-12393/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-12395 page",
"url": "https://www.suse.com/security/cve/CVE-2018-12395/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-12396 page",
"url": "https://www.suse.com/security/cve/CVE-2018-12396/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-12397 page",
"url": "https://www.suse.com/security/cve/CVE-2018-12397/"
}
],
"title": "Security update for MozillaFirefox",
"tracking": {
"current_release_date": "2018-12-06T12:51:24Z",
"generator": {
"date": "2018-12-06T12:51:24Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2018:3749-2",
"initial_release_date": "2018-12-06T12:51:24Z",
"revision_history": [
{
"date": "2018-12-06T12:51:24Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "MozillaFirefox-devel-60.3.0-109.50.2.aarch64",
"product": {
"name": "MozillaFirefox-devel-60.3.0-109.50.2.aarch64",
"product_id": "MozillaFirefox-devel-60.3.0-109.50.2.aarch64"
}
},
{
"category": "product_version",
"name": "MozillaFirefox-60.3.0-109.50.2.aarch64",
"product": {
"name": "MozillaFirefox-60.3.0-109.50.2.aarch64",
"product_id": "MozillaFirefox-60.3.0-109.50.2.aarch64"
}
},
{
"category": "product_version",
"name": "MozillaFirefox-translations-common-60.3.0-109.50.2.aarch64",
"product": {
"name": "MozillaFirefox-translations-common-60.3.0-109.50.2.aarch64",
"product_id": "MozillaFirefox-translations-common-60.3.0-109.50.2.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "MozillaFirefox-devel-60.3.0-109.50.2.ppc64le",
"product": {
"name": "MozillaFirefox-devel-60.3.0-109.50.2.ppc64le",
"product_id": "MozillaFirefox-devel-60.3.0-109.50.2.ppc64le"
}
},
{
"category": "product_version",
"name": "MozillaFirefox-60.3.0-109.50.2.ppc64le",
"product": {
"name": "MozillaFirefox-60.3.0-109.50.2.ppc64le",
"product_id": "MozillaFirefox-60.3.0-109.50.2.ppc64le"
}
},
{
"category": "product_version",
"name": "MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le",
"product": {
"name": "MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le",
"product_id": "MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "MozillaFirefox-devel-60.3.0-109.50.2.s390x",
"product": {
"name": "MozillaFirefox-devel-60.3.0-109.50.2.s390x",
"product_id": "MozillaFirefox-devel-60.3.0-109.50.2.s390x"
}
},
{
"category": "product_version",
"name": "MozillaFirefox-60.3.0-109.50.2.s390x",
"product": {
"name": "MozillaFirefox-60.3.0-109.50.2.s390x",
"product_id": "MozillaFirefox-60.3.0-109.50.2.s390x"
}
},
{
"category": "product_version",
"name": "MozillaFirefox-translations-common-60.3.0-109.50.2.s390x",
"product": {
"name": "MozillaFirefox-translations-common-60.3.0-109.50.2.s390x",
"product_id": "MozillaFirefox-translations-common-60.3.0-109.50.2.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "MozillaFirefox-60.3.0-109.50.2.x86_64",
"product": {
"name": "MozillaFirefox-60.3.0-109.50.2.x86_64",
"product_id": "MozillaFirefox-60.3.0-109.50.2.x86_64"
}
},
{
"category": "product_version",
"name": "MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"product": {
"name": "MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"product_id": "MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64"
}
},
{
"category": "product_version",
"name": "MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"product": {
"name": "MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"product_id": "MozillaFirefox-devel-60.3.0-109.50.2.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Desktop 12 SP4",
"product": {
"name": "SUSE Linux Enterprise Desktop 12 SP4",
"product_id": "SUSE Linux Enterprise Desktop 12 SP4",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sled:12:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Software Development Kit 12 SP4",
"product": {
"name": "SUSE Linux Enterprise Software Development Kit 12 SP4",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP4",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-sdk:12:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 12 SP4",
"product": {
"name": "SUSE Linux Enterprise Server 12 SP4",
"product_id": "SUSE Linux Enterprise Server 12 SP4",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles:12:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:12:sp4"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-60.3.0-109.50.2.x86_64 as component of SUSE Linux Enterprise Desktop 12 SP4",
"product_id": "SUSE Linux Enterprise Desktop 12 SP4:MozillaFirefox-60.3.0-109.50.2.x86_64"
},
"product_reference": "MozillaFirefox-60.3.0-109.50.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Desktop 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64 as component of SUSE Linux Enterprise Desktop 12 SP4",
"product_id": "SUSE Linux Enterprise Desktop 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64"
},
"product_reference": "MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Desktop 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-devel-60.3.0-109.50.2.aarch64 as component of SUSE Linux Enterprise Software Development Kit 12 SP4",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP4:MozillaFirefox-devel-60.3.0-109.50.2.aarch64"
},
"product_reference": "MozillaFirefox-devel-60.3.0-109.50.2.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-devel-60.3.0-109.50.2.ppc64le as component of SUSE Linux Enterprise Software Development Kit 12 SP4",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP4:MozillaFirefox-devel-60.3.0-109.50.2.ppc64le"
},
"product_reference": "MozillaFirefox-devel-60.3.0-109.50.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-devel-60.3.0-109.50.2.s390x as component of SUSE Linux Enterprise Software Development Kit 12 SP4",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP4:MozillaFirefox-devel-60.3.0-109.50.2.s390x"
},
"product_reference": "MozillaFirefox-devel-60.3.0-109.50.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-devel-60.3.0-109.50.2.x86_64 as component of SUSE Linux Enterprise Software Development Kit 12 SP4",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP4:MozillaFirefox-devel-60.3.0-109.50.2.x86_64"
},
"product_reference": "MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-60.3.0-109.50.2.aarch64 as component of SUSE Linux Enterprise Server 12 SP4",
"product_id": "SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-60.3.0-109.50.2.aarch64"
},
"product_reference": "MozillaFirefox-60.3.0-109.50.2.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-60.3.0-109.50.2.ppc64le as component of SUSE Linux Enterprise Server 12 SP4",
"product_id": "SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-60.3.0-109.50.2.ppc64le"
},
"product_reference": "MozillaFirefox-60.3.0-109.50.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-60.3.0-109.50.2.s390x as component of SUSE Linux Enterprise Server 12 SP4",
"product_id": "SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-60.3.0-109.50.2.s390x"
},
"product_reference": "MozillaFirefox-60.3.0-109.50.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-60.3.0-109.50.2.x86_64 as component of SUSE Linux Enterprise Server 12 SP4",
"product_id": "SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-60.3.0-109.50.2.x86_64"
},
"product_reference": "MozillaFirefox-60.3.0-109.50.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-translations-common-60.3.0-109.50.2.aarch64 as component of SUSE Linux Enterprise Server 12 SP4",
"product_id": "SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.aarch64"
},
"product_reference": "MozillaFirefox-translations-common-60.3.0-109.50.2.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le as component of SUSE Linux Enterprise Server 12 SP4",
"product_id": "SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le"
},
"product_reference": "MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-translations-common-60.3.0-109.50.2.s390x as component of SUSE Linux Enterprise Server 12 SP4",
"product_id": "SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x"
},
"product_reference": "MozillaFirefox-translations-common-60.3.0-109.50.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64 as component of SUSE Linux Enterprise Server 12 SP4",
"product_id": "SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64"
},
"product_reference": "MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-60.3.0-109.50.2.aarch64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-60.3.0-109.50.2.aarch64"
},
"product_reference": "MozillaFirefox-60.3.0-109.50.2.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-60.3.0-109.50.2.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-60.3.0-109.50.2.ppc64le"
},
"product_reference": "MozillaFirefox-60.3.0-109.50.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-60.3.0-109.50.2.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-60.3.0-109.50.2.s390x"
},
"product_reference": "MozillaFirefox-60.3.0-109.50.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-60.3.0-109.50.2.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-60.3.0-109.50.2.x86_64"
},
"product_reference": "MozillaFirefox-60.3.0-109.50.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-translations-common-60.3.0-109.50.2.aarch64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.aarch64"
},
"product_reference": "MozillaFirefox-translations-common-60.3.0-109.50.2.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le"
},
"product_reference": "MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-translations-common-60.3.0-109.50.2.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x"
},
"product_reference": "MozillaFirefox-translations-common-60.3.0-109.50.2.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64"
},
"product_reference": "MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2018-12389",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-12389"
}
],
"notes": [
{
"category": "general",
"text": "Mozilla developers and community members reported memory safety bugs present in Firefox ESR 60.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox ESR \u003c 60.3 and Thunderbird \u003c 60.3.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Desktop 12 SP4:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:MozillaFirefox-devel-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:MozillaFirefox-devel-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP4:MozillaFirefox-devel-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP4:MozillaFirefox-devel-60.3.0-109.50.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-12389",
"url": "https://www.suse.com/security/cve/CVE-2018-12389"
},
{
"category": "external",
"summary": "SUSE Bug 1112852 for CVE-2018-12389",
"url": "https://bugzilla.suse.com/1112852"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Desktop 12 SP4:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:MozillaFirefox-devel-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:MozillaFirefox-devel-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP4:MozillaFirefox-devel-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP4:MozillaFirefox-devel-60.3.0-109.50.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Desktop 12 SP4:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:MozillaFirefox-devel-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:MozillaFirefox-devel-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP4:MozillaFirefox-devel-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP4:MozillaFirefox-devel-60.3.0-109.50.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-12-06T12:51:24Z",
"details": "important"
}
],
"title": "CVE-2018-12389"
},
{
"cve": "CVE-2018-12390",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-12390"
}
],
"notes": [
{
"category": "general",
"text": "Mozilla developers and community members reported memory safety bugs present in Firefox 62 and Firefox ESR 60.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox \u003c 63, Firefox ESR \u003c 60.3, and Thunderbird \u003c 60.3.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Desktop 12 SP4:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:MozillaFirefox-devel-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:MozillaFirefox-devel-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP4:MozillaFirefox-devel-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP4:MozillaFirefox-devel-60.3.0-109.50.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-12390",
"url": "https://www.suse.com/security/cve/CVE-2018-12390"
},
{
"category": "external",
"summary": "SUSE Bug 1112852 for CVE-2018-12390",
"url": "https://bugzilla.suse.com/1112852"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Desktop 12 SP4:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:MozillaFirefox-devel-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:MozillaFirefox-devel-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP4:MozillaFirefox-devel-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP4:MozillaFirefox-devel-60.3.0-109.50.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Desktop 12 SP4:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:MozillaFirefox-devel-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:MozillaFirefox-devel-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP4:MozillaFirefox-devel-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP4:MozillaFirefox-devel-60.3.0-109.50.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-12-06T12:51:24Z",
"details": "important"
}
],
"title": "CVE-2018-12390"
},
{
"cve": "CVE-2018-12392",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-12392"
}
],
"notes": [
{
"category": "general",
"text": "When manipulating user events in nested loops while opening a document through script, it is possible to trigger a potentially exploitable crash due to poor event handling. This vulnerability affects Firefox \u003c 63, Firefox ESR \u003c 60.3, and Thunderbird \u003c 60.3.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Desktop 12 SP4:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:MozillaFirefox-devel-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:MozillaFirefox-devel-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP4:MozillaFirefox-devel-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP4:MozillaFirefox-devel-60.3.0-109.50.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-12392",
"url": "https://www.suse.com/security/cve/CVE-2018-12392"
},
{
"category": "external",
"summary": "SUSE Bug 1112852 for CVE-2018-12392",
"url": "https://bugzilla.suse.com/1112852"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Desktop 12 SP4:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:MozillaFirefox-devel-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:MozillaFirefox-devel-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP4:MozillaFirefox-devel-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP4:MozillaFirefox-devel-60.3.0-109.50.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Desktop 12 SP4:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:MozillaFirefox-devel-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:MozillaFirefox-devel-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP4:MozillaFirefox-devel-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP4:MozillaFirefox-devel-60.3.0-109.50.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-12-06T12:51:24Z",
"details": "important"
}
],
"title": "CVE-2018-12392"
},
{
"cve": "CVE-2018-12393",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-12393"
}
],
"notes": [
{
"category": "general",
"text": "A potential vulnerability was found in 32-bit builds where an integer overflow during the conversion of scripts to an internal UTF-16 representation could result in allocating a buffer too small for the conversion. This leads to a possible out-of-bounds write. *Note: 64-bit builds are not vulnerable to this issue.*. This vulnerability affects Firefox \u003c 63, Firefox ESR \u003c 60.3, and Thunderbird \u003c 60.3.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Desktop 12 SP4:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:MozillaFirefox-devel-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:MozillaFirefox-devel-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP4:MozillaFirefox-devel-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP4:MozillaFirefox-devel-60.3.0-109.50.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-12393",
"url": "https://www.suse.com/security/cve/CVE-2018-12393"
},
{
"category": "external",
"summary": "SUSE Bug 1112852 for CVE-2018-12393",
"url": "https://bugzilla.suse.com/1112852"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Desktop 12 SP4:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:MozillaFirefox-devel-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:MozillaFirefox-devel-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP4:MozillaFirefox-devel-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP4:MozillaFirefox-devel-60.3.0-109.50.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Desktop 12 SP4:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:MozillaFirefox-devel-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:MozillaFirefox-devel-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP4:MozillaFirefox-devel-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP4:MozillaFirefox-devel-60.3.0-109.50.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-12-06T12:51:24Z",
"details": "important"
}
],
"title": "CVE-2018-12393"
},
{
"cve": "CVE-2018-12395",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-12395"
}
],
"notes": [
{
"category": "general",
"text": "By rewriting the Host: request headers using the webRequest API, a WebExtension can bypass domain restrictions through domain fronting. This would allow access to domains that share a host that are otherwise restricted. This vulnerability affects Firefox ESR \u003c 60.3 and Firefox \u003c 63.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Desktop 12 SP4:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:MozillaFirefox-devel-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:MozillaFirefox-devel-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP4:MozillaFirefox-devel-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP4:MozillaFirefox-devel-60.3.0-109.50.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-12395",
"url": "https://www.suse.com/security/cve/CVE-2018-12395"
},
{
"category": "external",
"summary": "SUSE Bug 1112852 for CVE-2018-12395",
"url": "https://bugzilla.suse.com/1112852"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Desktop 12 SP4:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:MozillaFirefox-devel-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:MozillaFirefox-devel-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP4:MozillaFirefox-devel-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP4:MozillaFirefox-devel-60.3.0-109.50.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Desktop 12 SP4:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:MozillaFirefox-devel-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:MozillaFirefox-devel-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP4:MozillaFirefox-devel-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP4:MozillaFirefox-devel-60.3.0-109.50.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-12-06T12:51:24Z",
"details": "important"
}
],
"title": "CVE-2018-12395"
},
{
"cve": "CVE-2018-12396",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-12396"
}
],
"notes": [
{
"category": "general",
"text": "A vulnerability where a WebExtension can run content scripts in disallowed contexts following navigation or other events. This allows for potential privilege escalation by the WebExtension on sites where content scripts should not be run. This vulnerability affects Firefox ESR \u003c 60.3 and Firefox \u003c 63.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Desktop 12 SP4:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:MozillaFirefox-devel-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:MozillaFirefox-devel-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP4:MozillaFirefox-devel-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP4:MozillaFirefox-devel-60.3.0-109.50.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-12396",
"url": "https://www.suse.com/security/cve/CVE-2018-12396"
},
{
"category": "external",
"summary": "SUSE Bug 1112852 for CVE-2018-12396",
"url": "https://bugzilla.suse.com/1112852"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Desktop 12 SP4:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:MozillaFirefox-devel-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:MozillaFirefox-devel-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP4:MozillaFirefox-devel-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP4:MozillaFirefox-devel-60.3.0-109.50.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Desktop 12 SP4:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:MozillaFirefox-devel-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:MozillaFirefox-devel-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP4:MozillaFirefox-devel-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP4:MozillaFirefox-devel-60.3.0-109.50.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-12-06T12:51:24Z",
"details": "important"
}
],
"title": "CVE-2018-12396"
},
{
"cve": "CVE-2018-12397",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-12397"
}
],
"notes": [
{
"category": "general",
"text": "A WebExtension can request access to local files without the warning prompt stating that the extension will \"Access your data for all websites\" being displayed to the user. This allows extensions to run content scripts in local pages without permission warnings when a local file is opened. This vulnerability affects Firefox ESR \u003c 60.3 and Firefox \u003c 63.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Desktop 12 SP4:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:MozillaFirefox-devel-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:MozillaFirefox-devel-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP4:MozillaFirefox-devel-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP4:MozillaFirefox-devel-60.3.0-109.50.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-12397",
"url": "https://www.suse.com/security/cve/CVE-2018-12397"
},
{
"category": "external",
"summary": "SUSE Bug 1112852 for CVE-2018-12397",
"url": "https://bugzilla.suse.com/1112852"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Desktop 12 SP4:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:MozillaFirefox-devel-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:MozillaFirefox-devel-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP4:MozillaFirefox-devel-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP4:MozillaFirefox-devel-60.3.0-109.50.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Desktop 12 SP4:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:MozillaFirefox-devel-60.3.0-109.50.2.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:MozillaFirefox-devel-60.3.0-109.50.2.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP4:MozillaFirefox-devel-60.3.0-109.50.2.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP4:MozillaFirefox-devel-60.3.0-109.50.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-12-06T12:51:24Z",
"details": "important"
}
],
"title": "CVE-2018-12397"
}
]
}
SUSE-SU-2018:3749-3
Vulnerability from csaf_suse - Published: 2019-04-27 16:09 - Updated: 2019-04-27 16:09Summary
Security update for MozillaFirefox
Severity
Important
Notes
Title of the patch: Security update for MozillaFirefox
Description of the patch: This update for MozillaFirefox fixes the following issues:
Security issues fixed:
- Update to Mozilla Firefox 60.3.0esr: MFSA 2018-27 (bsc#1112852)
- CVE-2018-12392: Crash with nested event loops.
- CVE-2018-12393: Integer overflow during Unicode conversion while loading JavaScript.
- CVE-2018-12395: WebExtension bypass of domain restrictions through header rewriting.
- CVE-2018-12396: WebExtension content scripts can execute in disallowed contexts.
- CVE-2018-12397: WebExtension local file access vulnerability.
- CVE-2018-12389: Memory safety bugs fixed in Firefox ESR 60.3.
- CVE-2018-12390: Memory safety bugs fixed in Firefox 63 and Firefox ESR 60.3.
Patchnames: SUSE-SLE-SAP-12-SP1-2019-1079
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
8.8 (High)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:MozillaFirefox-60.3.0-109.50.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:MozillaFirefox-devel-60.3.0-109.50.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.8 (High)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:MozillaFirefox-60.3.0-109.50.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:MozillaFirefox-devel-60.3.0-109.50.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:MozillaFirefox-60.3.0-109.50.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:MozillaFirefox-devel-60.3.0-109.50.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:MozillaFirefox-60.3.0-109.50.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:MozillaFirefox-devel-60.3.0-109.50.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
6.1 (Medium)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:MozillaFirefox-60.3.0-109.50.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:MozillaFirefox-devel-60.3.0-109.50.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
6.1 (Medium)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:MozillaFirefox-60.3.0-109.50.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:MozillaFirefox-devel-60.3.0-109.50.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
6.1 (Medium)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:MozillaFirefox-60.3.0-109.50.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:MozillaFirefox-devel-60.3.0-109.50.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
26 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for MozillaFirefox",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for MozillaFirefox fixes the following issues:\n\nSecurity issues fixed:\n\n- Update to Mozilla Firefox 60.3.0esr: MFSA 2018-27 (bsc#1112852)\n- CVE-2018-12392: Crash with nested event loops.\n- CVE-2018-12393: Integer overflow during Unicode conversion while loading JavaScript.\n- CVE-2018-12395: WebExtension bypass of domain restrictions through header rewriting.\n- CVE-2018-12396: WebExtension content scripts can execute in disallowed contexts.\n- CVE-2018-12397: WebExtension local file access vulnerability.\n- CVE-2018-12389: Memory safety bugs fixed in Firefox ESR 60.3.\n- CVE-2018-12390: Memory safety bugs fixed in Firefox 63 and Firefox ESR 60.3.\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-SLE-SAP-12-SP1-2019-1079",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2018_3749-3.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2018:3749-3",
"url": "https://www.suse.com/support/update/announcement/2018/suse-su-20183749-3/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2018:3749-3",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2019-April/005382.html"
},
{
"category": "self",
"summary": "SUSE Bug 1112852",
"url": "https://bugzilla.suse.com/1112852"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-12389 page",
"url": "https://www.suse.com/security/cve/CVE-2018-12389/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-12390 page",
"url": "https://www.suse.com/security/cve/CVE-2018-12390/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-12392 page",
"url": "https://www.suse.com/security/cve/CVE-2018-12392/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-12393 page",
"url": "https://www.suse.com/security/cve/CVE-2018-12393/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-12395 page",
"url": "https://www.suse.com/security/cve/CVE-2018-12395/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-12396 page",
"url": "https://www.suse.com/security/cve/CVE-2018-12396/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-12397 page",
"url": "https://www.suse.com/security/cve/CVE-2018-12397/"
}
],
"title": "Security update for MozillaFirefox",
"tracking": {
"current_release_date": "2019-04-27T16:09:30Z",
"generator": {
"date": "2019-04-27T16:09:30Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2018:3749-3",
"initial_release_date": "2019-04-27T16:09:30Z",
"revision_history": [
{
"date": "2019-04-27T16:09:30Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "MozillaFirefox-60.3.0-109.50.2.x86_64",
"product": {
"name": "MozillaFirefox-60.3.0-109.50.2.x86_64",
"product_id": "MozillaFirefox-60.3.0-109.50.2.x86_64"
}
},
{
"category": "product_version",
"name": "MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"product": {
"name": "MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"product_id": "MozillaFirefox-devel-60.3.0-109.50.2.x86_64"
}
},
{
"category": "product_version",
"name": "MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"product": {
"name": "MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"product_id": "MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:12:sp1"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-60.3.0-109.50.2.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1:MozillaFirefox-60.3.0-109.50.2.x86_64"
},
"product_reference": "MozillaFirefox-60.3.0-109.50.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-devel-60.3.0-109.50.2.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1:MozillaFirefox-devel-60.3.0-109.50.2.x86_64"
},
"product_reference": "MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64"
},
"product_reference": "MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP1"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2018-12389",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-12389"
}
],
"notes": [
{
"category": "general",
"text": "Mozilla developers and community members reported memory safety bugs present in Firefox ESR 60.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox ESR \u003c 60.3 and Thunderbird \u003c 60.3.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-12389",
"url": "https://www.suse.com/security/cve/CVE-2018-12389"
},
{
"category": "external",
"summary": "SUSE Bug 1112852 for CVE-2018-12389",
"url": "https://bugzilla.suse.com/1112852"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-04-27T16:09:30Z",
"details": "important"
}
],
"title": "CVE-2018-12389"
},
{
"cve": "CVE-2018-12390",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-12390"
}
],
"notes": [
{
"category": "general",
"text": "Mozilla developers and community members reported memory safety bugs present in Firefox 62 and Firefox ESR 60.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox \u003c 63, Firefox ESR \u003c 60.3, and Thunderbird \u003c 60.3.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-12390",
"url": "https://www.suse.com/security/cve/CVE-2018-12390"
},
{
"category": "external",
"summary": "SUSE Bug 1112852 for CVE-2018-12390",
"url": "https://bugzilla.suse.com/1112852"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-04-27T16:09:30Z",
"details": "important"
}
],
"title": "CVE-2018-12390"
},
{
"cve": "CVE-2018-12392",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-12392"
}
],
"notes": [
{
"category": "general",
"text": "When manipulating user events in nested loops while opening a document through script, it is possible to trigger a potentially exploitable crash due to poor event handling. This vulnerability affects Firefox \u003c 63, Firefox ESR \u003c 60.3, and Thunderbird \u003c 60.3.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-12392",
"url": "https://www.suse.com/security/cve/CVE-2018-12392"
},
{
"category": "external",
"summary": "SUSE Bug 1112852 for CVE-2018-12392",
"url": "https://bugzilla.suse.com/1112852"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-04-27T16:09:30Z",
"details": "important"
}
],
"title": "CVE-2018-12392"
},
{
"cve": "CVE-2018-12393",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-12393"
}
],
"notes": [
{
"category": "general",
"text": "A potential vulnerability was found in 32-bit builds where an integer overflow during the conversion of scripts to an internal UTF-16 representation could result in allocating a buffer too small for the conversion. This leads to a possible out-of-bounds write. *Note: 64-bit builds are not vulnerable to this issue.*. This vulnerability affects Firefox \u003c 63, Firefox ESR \u003c 60.3, and Thunderbird \u003c 60.3.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-12393",
"url": "https://www.suse.com/security/cve/CVE-2018-12393"
},
{
"category": "external",
"summary": "SUSE Bug 1112852 for CVE-2018-12393",
"url": "https://bugzilla.suse.com/1112852"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-04-27T16:09:30Z",
"details": "important"
}
],
"title": "CVE-2018-12393"
},
{
"cve": "CVE-2018-12395",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-12395"
}
],
"notes": [
{
"category": "general",
"text": "By rewriting the Host: request headers using the webRequest API, a WebExtension can bypass domain restrictions through domain fronting. This would allow access to domains that share a host that are otherwise restricted. This vulnerability affects Firefox ESR \u003c 60.3 and Firefox \u003c 63.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-12395",
"url": "https://www.suse.com/security/cve/CVE-2018-12395"
},
{
"category": "external",
"summary": "SUSE Bug 1112852 for CVE-2018-12395",
"url": "https://bugzilla.suse.com/1112852"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-04-27T16:09:30Z",
"details": "important"
}
],
"title": "CVE-2018-12395"
},
{
"cve": "CVE-2018-12396",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-12396"
}
],
"notes": [
{
"category": "general",
"text": "A vulnerability where a WebExtension can run content scripts in disallowed contexts following navigation or other events. This allows for potential privilege escalation by the WebExtension on sites where content scripts should not be run. This vulnerability affects Firefox ESR \u003c 60.3 and Firefox \u003c 63.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-12396",
"url": "https://www.suse.com/security/cve/CVE-2018-12396"
},
{
"category": "external",
"summary": "SUSE Bug 1112852 for CVE-2018-12396",
"url": "https://bugzilla.suse.com/1112852"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-04-27T16:09:30Z",
"details": "important"
}
],
"title": "CVE-2018-12396"
},
{
"cve": "CVE-2018-12397",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-12397"
}
],
"notes": [
{
"category": "general",
"text": "A WebExtension can request access to local files without the warning prompt stating that the extension will \"Access your data for all websites\" being displayed to the user. This allows extensions to run content scripts in local pages without permission warnings when a local file is opened. This vulnerability affects Firefox ESR \u003c 60.3 and Firefox \u003c 63.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-12397",
"url": "https://www.suse.com/security/cve/CVE-2018-12397"
},
{
"category": "external",
"summary": "SUSE Bug 1112852 for CVE-2018-12397",
"url": "https://bugzilla.suse.com/1112852"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:MozillaFirefox-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:MozillaFirefox-devel-60.3.0-109.50.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:MozillaFirefox-translations-common-60.3.0-109.50.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-04-27T16:09:30Z",
"details": "important"
}
],
"title": "CVE-2018-12397"
}
]
}
SUSE-SU-2018:3769-1
Vulnerability from csaf_suse - Published: 2018-11-14 13:15 - Updated: 2018-11-14 13:15Summary
Security update for MozillaThunderbird
Severity
Important
Notes
Title of the patch: Security update for MozillaThunderbird
Description of the patch: This update for MozillaThunderbird fixes the following issues:
Thunderbird 63 ESR was updated to version 60.3.0 to fix the following issues (bsc#1112852):
Security issues fixed (MFSA 2018-28):
- CVE-2018-12389: Fixed memory safety bugs.
- CVE-2018-12390: Fixed memory safety bugs.
- CVE-2018-12391: Fixed HTTP Live Stream audio data is accessible cross-origin.
- CVE-2018-12392: Fixed crash with nested event loops.
- CVE-2018-12393: Fixed integer overflow during Unicode conversion while loading JavaScript.
Non-security issues fixed:
- various theme fixes
- Shift+PageUp/PageDown in Write window
- Gloda attachment filtering
- Mailing list address auto-complete enter/return handling
- Thunderbird hung if HTML signature references non-existent image
- Filters not working for headers that appear more than once
- Update _constraints for armv6/7
- Add memory-constraints to avoid OOM errors
Patchnames: SUSE-SLE-Product-WE-15-2018-2660
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
8.8 (High)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Workstation Extension 15:MozillaThunderbird-60.3.0-3.17.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Workstation Extension 15:MozillaThunderbird-translations-common-60.3.0-3.17.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Workstation Extension 15:MozillaThunderbird-translations-other-60.3.0-3.17.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.8 (High)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Workstation Extension 15:MozillaThunderbird-60.3.0-3.17.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Workstation Extension 15:MozillaThunderbird-translations-common-60.3.0-3.17.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Workstation Extension 15:MozillaThunderbird-translations-other-60.3.0-3.17.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Workstation Extension 15:MozillaThunderbird-60.3.0-3.17.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Workstation Extension 15:MozillaThunderbird-translations-common-60.3.0-3.17.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Workstation Extension 15:MozillaThunderbird-translations-other-60.3.0-3.17.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Workstation Extension 15:MozillaThunderbird-60.3.0-3.17.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Workstation Extension 15:MozillaThunderbird-translations-common-60.3.0-3.17.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Workstation Extension 15:MozillaThunderbird-translations-other-60.3.0-3.17.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Workstation Extension 15:MozillaThunderbird-60.3.0-3.17.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Workstation Extension 15:MozillaThunderbird-translations-common-60.3.0-3.17.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Workstation Extension 15:MozillaThunderbird-translations-other-60.3.0-3.17.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
20 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for MozillaThunderbird",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for MozillaThunderbird fixes the following issues:\n\nThunderbird 63 ESR was updated to version 60.3.0 to fix the following issues (bsc#1112852):\n\nSecurity issues fixed (MFSA 2018-28):\n\n- CVE-2018-12389: Fixed memory safety bugs.\n- CVE-2018-12390: Fixed memory safety bugs.\n- CVE-2018-12391: Fixed HTTP Live Stream audio data is accessible cross-origin.\n- CVE-2018-12392: Fixed crash with nested event loops.\n- CVE-2018-12393: Fixed integer overflow during Unicode conversion while loading JavaScript.\n\nNon-security issues fixed:\n\n- various theme fixes\n- Shift+PageUp/PageDown in Write window\n- Gloda attachment filtering\n- Mailing list address auto-complete enter/return handling\n- Thunderbird hung if HTML signature references non-existent image\n- Filters not working for headers that appear more than once\n- Update _constraints for armv6/7\n- Add memory-constraints to avoid OOM errors\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-SLE-Product-WE-15-2018-2660",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2018_3769-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2018:3769-1",
"url": "https://www.suse.com/support/update/announcement/2018/suse-su-20183769-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2018:3769-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2018-November/004851.html"
},
{
"category": "self",
"summary": "SUSE Bug 1112852",
"url": "https://bugzilla.suse.com/1112852"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-12389 page",
"url": "https://www.suse.com/security/cve/CVE-2018-12389/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-12390 page",
"url": "https://www.suse.com/security/cve/CVE-2018-12390/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-12391 page",
"url": "https://www.suse.com/security/cve/CVE-2018-12391/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-12392 page",
"url": "https://www.suse.com/security/cve/CVE-2018-12392/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-12393 page",
"url": "https://www.suse.com/security/cve/CVE-2018-12393/"
}
],
"title": "Security update for MozillaThunderbird",
"tracking": {
"current_release_date": "2018-11-14T13:15:48Z",
"generator": {
"date": "2018-11-14T13:15:48Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2018:3769-1",
"initial_release_date": "2018-11-14T13:15:48Z",
"revision_history": [
{
"date": "2018-11-14T13:15:48Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "MozillaThunderbird-60.3.0-3.17.2.x86_64",
"product": {
"name": "MozillaThunderbird-60.3.0-3.17.2.x86_64",
"product_id": "MozillaThunderbird-60.3.0-3.17.2.x86_64"
}
},
{
"category": "product_version",
"name": "MozillaThunderbird-translations-common-60.3.0-3.17.2.x86_64",
"product": {
"name": "MozillaThunderbird-translations-common-60.3.0-3.17.2.x86_64",
"product_id": "MozillaThunderbird-translations-common-60.3.0-3.17.2.x86_64"
}
},
{
"category": "product_version",
"name": "MozillaThunderbird-translations-other-60.3.0-3.17.2.x86_64",
"product": {
"name": "MozillaThunderbird-translations-other-60.3.0-3.17.2.x86_64",
"product_id": "MozillaThunderbird-translations-other-60.3.0-3.17.2.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Workstation Extension 15",
"product": {
"name": "SUSE Linux Enterprise Workstation Extension 15",
"product_id": "SUSE Linux Enterprise Workstation Extension 15",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-we:15"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaThunderbird-60.3.0-3.17.2.x86_64 as component of SUSE Linux Enterprise Workstation Extension 15",
"product_id": "SUSE Linux Enterprise Workstation Extension 15:MozillaThunderbird-60.3.0-3.17.2.x86_64"
},
"product_reference": "MozillaThunderbird-60.3.0-3.17.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Workstation Extension 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaThunderbird-translations-common-60.3.0-3.17.2.x86_64 as component of SUSE Linux Enterprise Workstation Extension 15",
"product_id": "SUSE Linux Enterprise Workstation Extension 15:MozillaThunderbird-translations-common-60.3.0-3.17.2.x86_64"
},
"product_reference": "MozillaThunderbird-translations-common-60.3.0-3.17.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Workstation Extension 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaThunderbird-translations-other-60.3.0-3.17.2.x86_64 as component of SUSE Linux Enterprise Workstation Extension 15",
"product_id": "SUSE Linux Enterprise Workstation Extension 15:MozillaThunderbird-translations-other-60.3.0-3.17.2.x86_64"
},
"product_reference": "MozillaThunderbird-translations-other-60.3.0-3.17.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Workstation Extension 15"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2018-12389",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-12389"
}
],
"notes": [
{
"category": "general",
"text": "Mozilla developers and community members reported memory safety bugs present in Firefox ESR 60.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox ESR \u003c 60.3 and Thunderbird \u003c 60.3.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Workstation Extension 15:MozillaThunderbird-60.3.0-3.17.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15:MozillaThunderbird-translations-common-60.3.0-3.17.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15:MozillaThunderbird-translations-other-60.3.0-3.17.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-12389",
"url": "https://www.suse.com/security/cve/CVE-2018-12389"
},
{
"category": "external",
"summary": "SUSE Bug 1112852 for CVE-2018-12389",
"url": "https://bugzilla.suse.com/1112852"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Workstation Extension 15:MozillaThunderbird-60.3.0-3.17.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15:MozillaThunderbird-translations-common-60.3.0-3.17.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15:MozillaThunderbird-translations-other-60.3.0-3.17.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Workstation Extension 15:MozillaThunderbird-60.3.0-3.17.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15:MozillaThunderbird-translations-common-60.3.0-3.17.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15:MozillaThunderbird-translations-other-60.3.0-3.17.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-11-14T13:15:48Z",
"details": "important"
}
],
"title": "CVE-2018-12389"
},
{
"cve": "CVE-2018-12390",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-12390"
}
],
"notes": [
{
"category": "general",
"text": "Mozilla developers and community members reported memory safety bugs present in Firefox 62 and Firefox ESR 60.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox \u003c 63, Firefox ESR \u003c 60.3, and Thunderbird \u003c 60.3.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Workstation Extension 15:MozillaThunderbird-60.3.0-3.17.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15:MozillaThunderbird-translations-common-60.3.0-3.17.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15:MozillaThunderbird-translations-other-60.3.0-3.17.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-12390",
"url": "https://www.suse.com/security/cve/CVE-2018-12390"
},
{
"category": "external",
"summary": "SUSE Bug 1112852 for CVE-2018-12390",
"url": "https://bugzilla.suse.com/1112852"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Workstation Extension 15:MozillaThunderbird-60.3.0-3.17.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15:MozillaThunderbird-translations-common-60.3.0-3.17.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15:MozillaThunderbird-translations-other-60.3.0-3.17.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Workstation Extension 15:MozillaThunderbird-60.3.0-3.17.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15:MozillaThunderbird-translations-common-60.3.0-3.17.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15:MozillaThunderbird-translations-other-60.3.0-3.17.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-11-14T13:15:48Z",
"details": "important"
}
],
"title": "CVE-2018-12390"
},
{
"cve": "CVE-2018-12391",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-12391"
}
],
"notes": [
{
"category": "general",
"text": "During HTTP Live Stream playback on Firefox for Android, audio data can be accessed across origins in violation of security policies. Because the problem is in the underlying Android service, this issue is addressed by treating all HLS streams as cross-origin and opaque to access. *Note: this issue only affects Firefox for Android. Desktop versions of Firefox are unaffected.*. This vulnerability affects Firefox \u003c 63, Firefox ESR \u003c 60.3, and Thunderbird \u003c 60.3.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Workstation Extension 15:MozillaThunderbird-60.3.0-3.17.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15:MozillaThunderbird-translations-common-60.3.0-3.17.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15:MozillaThunderbird-translations-other-60.3.0-3.17.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-12391",
"url": "https://www.suse.com/security/cve/CVE-2018-12391"
},
{
"category": "external",
"summary": "SUSE Bug 1112852 for CVE-2018-12391",
"url": "https://bugzilla.suse.com/1112852"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Workstation Extension 15:MozillaThunderbird-60.3.0-3.17.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15:MozillaThunderbird-translations-common-60.3.0-3.17.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15:MozillaThunderbird-translations-other-60.3.0-3.17.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Workstation Extension 15:MozillaThunderbird-60.3.0-3.17.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15:MozillaThunderbird-translations-common-60.3.0-3.17.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15:MozillaThunderbird-translations-other-60.3.0-3.17.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-11-14T13:15:48Z",
"details": "important"
}
],
"title": "CVE-2018-12391"
},
{
"cve": "CVE-2018-12392",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-12392"
}
],
"notes": [
{
"category": "general",
"text": "When manipulating user events in nested loops while opening a document through script, it is possible to trigger a potentially exploitable crash due to poor event handling. This vulnerability affects Firefox \u003c 63, Firefox ESR \u003c 60.3, and Thunderbird \u003c 60.3.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Workstation Extension 15:MozillaThunderbird-60.3.0-3.17.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15:MozillaThunderbird-translations-common-60.3.0-3.17.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15:MozillaThunderbird-translations-other-60.3.0-3.17.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-12392",
"url": "https://www.suse.com/security/cve/CVE-2018-12392"
},
{
"category": "external",
"summary": "SUSE Bug 1112852 for CVE-2018-12392",
"url": "https://bugzilla.suse.com/1112852"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Workstation Extension 15:MozillaThunderbird-60.3.0-3.17.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15:MozillaThunderbird-translations-common-60.3.0-3.17.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15:MozillaThunderbird-translations-other-60.3.0-3.17.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Workstation Extension 15:MozillaThunderbird-60.3.0-3.17.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15:MozillaThunderbird-translations-common-60.3.0-3.17.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15:MozillaThunderbird-translations-other-60.3.0-3.17.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-11-14T13:15:48Z",
"details": "important"
}
],
"title": "CVE-2018-12392"
},
{
"cve": "CVE-2018-12393",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-12393"
}
],
"notes": [
{
"category": "general",
"text": "A potential vulnerability was found in 32-bit builds where an integer overflow during the conversion of scripts to an internal UTF-16 representation could result in allocating a buffer too small for the conversion. This leads to a possible out-of-bounds write. *Note: 64-bit builds are not vulnerable to this issue.*. This vulnerability affects Firefox \u003c 63, Firefox ESR \u003c 60.3, and Thunderbird \u003c 60.3.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Workstation Extension 15:MozillaThunderbird-60.3.0-3.17.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15:MozillaThunderbird-translations-common-60.3.0-3.17.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15:MozillaThunderbird-translations-other-60.3.0-3.17.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-12393",
"url": "https://www.suse.com/security/cve/CVE-2018-12393"
},
{
"category": "external",
"summary": "SUSE Bug 1112852 for CVE-2018-12393",
"url": "https://bugzilla.suse.com/1112852"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Workstation Extension 15:MozillaThunderbird-60.3.0-3.17.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15:MozillaThunderbird-translations-common-60.3.0-3.17.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15:MozillaThunderbird-translations-other-60.3.0-3.17.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Workstation Extension 15:MozillaThunderbird-60.3.0-3.17.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15:MozillaThunderbird-translations-common-60.3.0-3.17.2.x86_64",
"SUSE Linux Enterprise Workstation Extension 15:MozillaThunderbird-translations-other-60.3.0-3.17.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-11-14T13:15:48Z",
"details": "important"
}
],
"title": "CVE-2018-12393"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…