Linux Security

    openSUSE: 2020:1017-1: important: MozillaFirefox

       openSUSE Security Update: Security update for MozillaFirefox
    ______________________________________________________________________________
    
    Announcement ID:    openSUSE-SU-2020:1017-1
    Rating:             important
    References:         #1166238 #1173576 #1173613 
    Cross-References:   CVE-2020-12402 CVE-2020-12415 CVE-2020-12416
                        CVE-2020-12417 CVE-2020-12418 CVE-2020-12419
                        CVE-2020-12420 CVE-2020-12421 CVE-2020-12422
                        CVE-2020-12423 CVE-2020-12424 CVE-2020-12425
                        CVE-2020-12426
    Affected Products:
                        openSUSE Leap 15.1
    ______________________________________________________________________________
    
       An update that fixes 13 vulnerabilities is now available.
    
    Description:
    
       This update for MozillaFirefox to version 78.0.1 ESR fixes the following
       issues:
    
       Security issues fixed:
    
       - CVE-2020-12415: AppCache manifest poisoning due to URL-encoded character
         processing (bsc#1173576).
       - CVE-2020-12416: Use-after-free in WebRTC VideoBroadcaster (bsc#1173576).
       - CVE-2020-12417: Memory corruption due to missing sign-extension for
         ValueTags on ARM64 (bsc#1173576).
       - CVE-2020-12418: Information disclosure due to manipulated URL object
         (bsc#1173576).
       - CVE-2020-12419: Use-after-free in nsGlobalWindowInner (bsc#1173576).
       - CVE-2020-12420: Use-After-Free when trying to connect to a STUN server
         (bsc#1173576).
       - CVE-2020-12402: RSA Key Generation vulnerable to side-channel attack
         (bsc#1173576).
       - CVE-2020-12421: Add-On updates did not respect the same certificate
         trust rules as software updates (bsc#1173576).
       - CVE-2020-12422: Integer overflow in nsJPEGEncoder::emptyOutputBuffer
         (bsc#1173576).
       - CVE-2020-12423: DLL Hijacking due to searching %PATH% for a library
         (bsc#1173576).
       - CVE-2020-12424: WebRTC permission prompt could have been bypassed by a
         compromised content process (bsc#1173576).
       - CVE-2020-12425: Out of bound read in Date.parse() (bsc#1173576).
       - CVE-2020-12426: Memory safety bugs fixed in Firefox 78 (bsc#1173576).
       - FIPS: MozillaFirefox: allow /proc/sys/crypto/fips_enabled (bsc#1167231).
    
       Non-security issues fixed:
    
       - Fixed interaction with freetype6 (bsc#1173613).
    
       This update was imported from the SUSE:SLE-15:Update update project.
    
    
    Patch Instructions:
    
       To install this openSUSE Security Update use the SUSE recommended installation methods
       like YaST online_update or "zypper patch".
    
       Alternatively you can run the command listed for your product:
    
       - openSUSE Leap 15.1:
    
          zypper in -t patch openSUSE-2020-1017=1
    
    
    
    Package List:
    
       - openSUSE Leap 15.1 (x86_64):
    
          MozillaFirefox-78.0.1-lp151.2.53.1
          MozillaFirefox-branding-upstream-78.0.1-lp151.2.53.1
          MozillaFirefox-buildsymbols-78.0.1-lp151.2.53.1
          MozillaFirefox-debuginfo-78.0.1-lp151.2.53.1
          MozillaFirefox-debugsource-78.0.1-lp151.2.53.1
          MozillaFirefox-devel-78.0.1-lp151.2.53.1
          MozillaFirefox-translations-common-78.0.1-lp151.2.53.1
          MozillaFirefox-translations-other-78.0.1-lp151.2.53.1
    
    
    References:
    
       https://www.suse.com/security/cve/CVE-2020-12402.html
       https://www.suse.com/security/cve/CVE-2020-12415.html
       https://www.suse.com/security/cve/CVE-2020-12416.html
       https://www.suse.com/security/cve/CVE-2020-12417.html
       https://www.suse.com/security/cve/CVE-2020-12418.html
       https://www.suse.com/security/cve/CVE-2020-12419.html
       https://www.suse.com/security/cve/CVE-2020-12420.html
       https://www.suse.com/security/cve/CVE-2020-12421.html
       https://www.suse.com/security/cve/CVE-2020-12422.html
       https://www.suse.com/security/cve/CVE-2020-12423.html
       https://www.suse.com/security/cve/CVE-2020-12424.html
       https://www.suse.com/security/cve/CVE-2020-12425.html
       https://www.suse.com/security/cve/CVE-2020-12426.html
       https://bugzilla.suse.com/1166238
       https://bugzilla.suse.com/1173576
       https://bugzilla.suse.com/1173613
    