Alerts This Week
Warning Icon 1 684
Alerts This Week
Warning Icon 1 684

openSUSE 15.2: 2020:1155-1 Important: MozillaFirefox Security Update

opensuse
Calendar Grey August 6, 2020
Dist Opensuse Esm H88
The recent OpenSUSE Security Patch for MozillaFirefox fixes 10 significant vulnerabilities; vital for maintaining system integrity and safeguarding user data.
An update that fixes 10 vulnerabilities is now available.

Description

This update for MozillaFirefox fixes the following issues:

- Firefox Extended Support Release 78.1.0 ESR

* Fixed: Various stability, functionality, and security fixes

(bsc#1174538)

* CVE-2020-15652: Potential leak of redirect targets when loading

scripts in a worker

* CVE-2020-6514: WebRTC data channel leaks internal address to peer

* CVE-2020-15655: Extension APIs could be used to bypass Same-Origin

Policy

* CVE-2020-15653: Bypassing iframe sandbox when allowing popups

* CVE-2020-6463: Use-after-free in ANGLE

gl::Texture::onUnbindAsSamplerTexture

* CVE-2020-15656: Type confusion for special arguments in IonMonkey

* CVE-2020-15658: Overriding file type when saving to disk

* CVE-2020-15657: DLL hijacking due to incorrect loading path

* CVE-2020-15654: Custom cursor can overlay user interface

* CVE-2020-15659: Memory safety bugs fixed in Firefox 79 and Firefox ESR

78.1

This update was...

Read the Full Advisory

Topics%20covered

Topics Covered

security advisory DoS important fix openSUSE MozillaFirefox

Patch

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods

like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 15.2:

zypper in -t patch openSUSE-2020-1155=1

Package List

- openSUSE Leap 15.2 (x86_64):

MozillaFirefox-78.1.0-lp152.2.12.1

MozillaFirefox-branding-upstream-78.1.0-lp152.2.12.1

MozillaFirefox-buildsymbols-78.1.0-lp152.2.12.1

MozillaFirefox-debuginfo-78.1.0-lp152.2.12.1

MozillaFirefox-debugsource-78.1.0-lp152.2.12.1

MozillaFirefox-devel-78.1.0-lp152.2.12.1

MozillaFirefox-translations-common-78.1.0-lp152.2.12.1

MozillaFirefox-translations-other-78.1.0-lp152.2.12.1

References

https://www.suse.com/security/cve/CVE-2020-15652.html

https://www.suse.com/security/cve/CVE-2020-15653.html

https://www.suse.com/security/cve/CVE-2020-15654.html

https://www.suse.com/security/cve/CVE-2020-15655.html

https://www.suse.com/security/cve/CVE-2020-15656.html

https://www.suse.com/security/cve/CVE-2020-15657.html

https://www.suse.com/security/cve/CVE-2020-15658.html

https://www.suse.com/security/cve/CVE-2020-15659.html

https://www.suse.com/security/cve/CVE-2020-6463.html

https://www.suse.com/security/cve/CVE-2020-6514.html

https://bugzilla.suse.com/1174538

--

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: openSUSE-SU-2020:1155-1
Rating: important
Affected Products: openSUSE Leap 15.2

Topics%20covered

Topics Covered

security advisory DoS important fix openSUSE MozillaFirefox

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here