{"affected":[{"ecosystem_specific":{"binaries":[{"MozillaFirefox":"52.8.0esr-109.31.2","MozillaFirefox-devel":"52.8.0esr-109.31.2"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server 12 SP2-BCL","name":"MozillaFirefox","purl":"pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-BCL"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"52.8.0esr-109.31.2"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for MozillaFirefox to the ESR 52.8 release fixes the following issues:\n\nMozil to Firefox ESR 52.8 (bsc#1092548)\n\nSecurity issues fixed:\n\n- MFSA 2018-12/CVE-2018-5159: Integer overflow and out-of-bounds write in Skia\n- MFSA 2018-12/CVE-2018-5158: Malicious PDF can inject JavaScript into PDF Viewer\n- MFSA 2018-12/CVE-2018-5168: Lightweight themes can be installed without user interaction\n- MFSA 2018-12/CVE-2018-5150: Memory safety bugs fixed in Firefox 60 and Firefox ESR 52.8\n- MFSA 2018-12/CVE-2018-5155: Use-after-free with SVG animations and text paths\n- MFSA 2018-12/CVE-2018-5183: Backport critical security fixes in Skia\n- MFSA 2018-12/CVE-2018-5157: Same-origin bypass of PDF Viewer to view protected PDF files\n- MFSA 2018-12/CVE-2018-5154: Use-after-free with SVG animations and clip paths\n- MFSA 2018-12/CVE-2018-5178: Buffer overflow during UTF-8 to Unicode string conversion through legacy extension\n","id":"SUSE-SU-2018:1334-2","modified":"2018-10-18T12:44:56Z","published":"2018-10-18T12:44:56Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2018/suse-su-20181334-2/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1092548"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-5150"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-5154"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-5155"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-5157"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-5158"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-5159"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-5168"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-5174"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-5178"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-5183"}],"related":["CVE-2018-5150","CVE-2018-5154","CVE-2018-5155","CVE-2018-5157","CVE-2018-5158","CVE-2018-5159","CVE-2018-5168","CVE-2018-5174","CVE-2018-5178","CVE-2018-5183"],"summary":"Security update for MozillaFirefox","upstream":["CVE-2018-5150","CVE-2018-5154","CVE-2018-5155","CVE-2018-5157","CVE-2018-5158","CVE-2018-5159","CVE-2018-5168","CVE-2018-5174","CVE-2018-5178","CVE-2018-5183"]}