Alerts This Week
Warning Icon 1 692
Alerts This Week
Warning Icon 1 692

SUSE: 2020:0686-1 Important: MozillaFirefox Use-After-Free Security Fix

suse
Calendar Grey March 13, 2020
Dist Suse Esm H88
SUSE Security Patch for Google Chrome addresses severe vulnerabilities and enhances overall protection for users.
An update that fixes 7 vulnerabilities is now available

Summary

This update for MozillaFirefox fixes the following issues: MozillaFirefox was updated to 68.6.0 ESR (MFSA 2020-09 bsc#1132665 bsc#1166238) - CVE-2020-6805: Fixed a use-after-free when removing data about origins - CVE-2020-6806: Fixed improper protections against state confusion - CVE-2020-6807: Fixed a use-after-free in cubeb during stream destruction - CVE-2020-6811: Fixed an issue where copy as cURL' feature did not fully escape website-controlled data potentially leading to command injection - CVE-2019-20503: Fixed out of bounds reads in sctp_load_addresses_from_init - CVE-2020-6812: Fixed an issue where the names of AirPods with personally identifiable information were exposed to websites with camera or microphone permission - CVE-2020-6814: Fixed multiple memory safety bugs

Topics%20covered

Topics Covered

security advisory important SUSE command injection memory safety use-after-free MozillaFirefox

References

#1132665 #1166238

Cross- CVE-2019-20503 CVE-2020-6805 CVE-2020-6806

CVE-2020-6807 CVE-2020-6811 CVE-2020-6812

CVE-2020-6814

Affected Products:

SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP2

SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1

SUSE Linux Enterprise Module for Desktop Applications 15-SP2

SUSE Linux Enterprise Module for Desktop Applications 15-SP1

https://www.suse.com/security/cve/CVE-2019-20503.html

https://www.suse.com/security/cve/CVE-2020-6805.html

https://www.suse.com/security/cve/CVE-2020-6806.html

https://www.suse.com/security/cve/CVE-2020-6807.html

https://www.suse.com/security/cve/CVE-2020-6811.html

https://www.suse.com/security/cve/CVE-2020-6812.html

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2020:0686-1
Rating: important

Topics%20covered

Topics Covered

security advisory important SUSE command injection memory safety use-after-free MozillaFirefox

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here