Alerts This Week
Warning Icon 1 692
Alerts This Week
Warning Icon 1 692

openSUSE: 2020:1391-1 Moderate: MozillaFirefox Security Advisory

opensuse
Calendar Grey September 8, 2020
Dist Opensuse Esm H88
The recent update for Mozilla Firefox on openSUSE tackles significant vulnerabilities while improving overall system performance.
An update that fixes three vulnerabilities is now available.

Description

This update for MozillaFirefox fixes the following issues:

- Firefox Extended Support Release 78.2.0 ESR

* Fixed: Various stability, functionality, and security fixes

- Mozilla Firefox ESR 78.2 MFSA 2020-38 (bsc#1175686)

* CVE-2020-15663 (bmo#1643199) Downgrade attack on the Mozilla

Maintenance Service could have resulted in escalation of privilege

* CVE-2020-15664 (bmo#1658214) Attacker-induced prompt for extension

installation

* CVE-2020-15670 (bmo#1651001, bmo#1651449, bmo#1653626, bmo#1656957)

Memory safety bugs fixed in Firefox 80 and Firefox ESR 78.2

- Fixed Firefox tab crash in FIPS mode (bsc#1174284).

- Fix broken translation-loading (bsc#1173991)

* allow addon sideloading

* mark signatures for langpacks non-mandatory

* do not autodisable user profile scopes

- Google API key is not usable for geolocation service any more

This update was imported from the SUSE:SLE-15:Update update project.

Topics%20covered

Topics Covered

security advisory moderate update vulnerability openSUSE MozillaFirefox

Patch

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods

like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 15.2:

zypper in -t patch openSUSE-2020-1391=1

Package List

- openSUSE Leap 15.2 (x86_64):

MozillaFirefox-78.2.0-lp152.2.18.1

MozillaFirefox-branding-upstream-78.2.0-lp152.2.18.1

MozillaFirefox-buildsymbols-78.2.0-lp152.2.18.1

MozillaFirefox-debuginfo-78.2.0-lp152.2.18.1

MozillaFirefox-debugsource-78.2.0-lp152.2.18.1

MozillaFirefox-devel-78.2.0-lp152.2.18.1

MozillaFirefox-translations-common-78.2.0-lp152.2.18.1

MozillaFirefox-translations-other-78.2.0-lp152.2.18.1

References

https://www.suse.com/security/cve/CVE-2020-15663.html

https://www.suse.com/security/cve/CVE-2020-15664.html

https://www.suse.com/security/cve/CVE-2020-15670.html

https://bugzilla.suse.com/1173991

https://bugzilla.suse.com/1174284

https://bugzilla.suse.com/1175686

--

Announcement ID: openSUSE-SU-2020:1391-1
Rating: moderate
Affected Products: openSUSE Leap 15.2

Topics%20covered

Topics Covered

security advisory moderate update vulnerability openSUSE MozillaFirefox

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here