
openSUSE Leap 15.2 Security Advisory: MozillaFirefox Important Update

November 25, 2020
A new update for Mozilla Firefox addresses 12 significant vulnerabilities. Discover further details in the security advisory.
An update that fixes 12 vulnerabilities is now available.

Description

This update for MozillaFirefox fixes the following issues:

- Firefox Extended Support Release 78.5.0 ESR (bsc#1178824)

* CVE-2020-26951: Parsing mismatches could confuse and bypass security sanitizer for chrome privileged code

* CVE-2020-16012: Variable time processing of cross-origin images during drawImage calls

* CVE-2020-26953: Fullscreen could be enabled without displaying the security UI

* CVE-2020-26956: XSS through paste (manual and clipboard API)

* CVE-2020-26958: Requests intercepted through ServiceWorkers lacked MIME type restrictions

* CVE-2020-26959: Use-after-free in WebRequestService

* CVE-2020-26960: Potential use-after-free in uses of nsTArray

* CVE-2020-15999: Heap buffer overflow in freetype

* CVE-2020-26961: DoH did not filter IPv4 mapped IP Addresses

* CVE-2020-26965: Software keyboards may have remembered typed passwords

* CVE-2020-26966: Single-word...


Patch

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 15.2:

zypper in -t patch openSUSE-2020-2020=1

Package List

- openSUSE Leap 15.2 (x86_64):

MozillaFirefox-78.5.0-lp152.2.30.1

MozillaFirefox-branding-upstream-78.5.0-lp152.2.30.1

MozillaFirefox-buildsymbols-78.5.0-lp152.2.30.1

MozillaFirefox-debuginfo-78.5.0-lp152.2.30.1

MozillaFirefox-debugsource-78.5.0-lp152.2.30.1

MozillaFirefox-devel-78.5.0-lp152.2.30.1

MozillaFirefox-translations-common-78.5.0-lp152.2.30.1

MozillaFirefox-translations-other-78.5.0-lp152.2.30.1
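
To confirm the update actually landed, the installed version-release of each MozillaFirefox package can be compared with the fixed build listed above. The script below is an added example, not part of the original advisory; the sample inventory is constructed, the function names are hypothetical, and GNU `sort -V` is assumed as an approximation of RPM's version ordering.

```shell
#!/bin/sh
# Added example: flag MozillaFirefox packages older than the fixed build.
# FIXED is the version-release taken from the advisory's package list.
FIXED="78.5.0-lp152.2.30.1"

# ver_lt A B: succeeds when A sorts strictly before B.
# Assumption: GNU `sort -V` ordering stands in for RPM's own comparison.
ver_lt() {
    [ "$1" != "$2" ] &&
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$1" ]
}

# check_pkgs: reads "name version-release" lines on stdin, prints every
# MozillaFirefox* package still below $FIXED, returns 1 if any was found.
check_pkgs() {
    rc=0
    while read -r name vr; do
        case "$name" in
            MozillaFirefox*) ;;      # packages covered by this advisory
            *) continue ;;           # ignore everything else
        esac
        if ver_lt "$vr" "$FIXED"; then
            echo "OUTDATED $name $vr (need >= $FIXED)"
            rc=1
        fi
    done
    return $rc
}

# Constructed sample inventory (not real host data): one stale package,
# one already patched, one unrelated.
sample_inventory() {
    cat <<'EOF'
MozillaFirefox 78.4.1-lp152.2.27.1
MozillaFirefox-translations-common 78.5.0-lp152.2.30.1
kernel-default 5.3.18-lp152.50.1
EOF
}

# On a real Leap 15.2 host, feed the live package database instead:
#   rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\n' 'MozillaFirefox*' | check_pkgs
sample_inventory | check_pkgs || true
```

A non-zero exit status from `check_pkgs` makes it usable as a compliance gate in a fleet audit job.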

References

https://www.suse.com/security/cve/CVE-2020-15999.html

https://www.suse.com/security/cve/CVE-2020-16012.html

https://www.suse.com/security/cve/CVE-2020-26951.html

https://www.suse.com/security/cve/CVE-2020-26953.html

https://www.suse.com/security/cve/CVE-2020-26956.html

https://www.suse.com/security/cve/CVE-2020-26958.html

https://www.suse.com/security/cve/CVE-2020-26959.html

https://www.suse.com/security/cve/CVE-2020-26960.html

https://www.suse.com/security/cve/CVE-2020-26961.html

https://www.suse.com/security/cve/CVE-2020-26965.html

https://www.suse.com/security/cve/CVE-2020-26966.html

https://www.suse.com/security/cve/CVE-2020-26968.html

https://bugzilla.suse.com/1178824


Severity
important

Announcement ID: openSUSE-SU-2020:2020-1
Rating: important
Affected Products: openSUSE Leap 15.2
