Alerts This Week
Warning Icon 1 764
Alerts This Week
Warning Icon 1 764

SUSE: 2020:0717-1 Important: MozillaFirefox Command Injection Issues

suse
Calendar Grey March 19, 2020
Dist Suse Esm H88
Important SUSE security patch for MozillaFirefox resolves various vulnerabilities, enhancing system protection and reliability.
An update that fixes 7 vulnerabilities is now available

Summary

This update for MozillaFirefox fixes the following issues: MozillaFirefox was updated to 68.6.0 ESR (MFSA 2020-09 bsc#1132665 bsc#1166238) - CVE-2020-6805: Fixed a use-after-free when removing data about origins - CVE-2020-6806: Fixed improper protections against state confusion - CVE-2020-6807: Fixed a use-after-free in cubeb during stream destruction - CVE-2020-6811: Fixed an issue where copy as cURL' feature did not fully escape website-controlled data potentially leading to command injection - CVE-2019-20503: Fixed out of bounds reads in sctp_load_addresses_from_init - CVE-2020-6812: Fixed an issue where the names of AirPods with personally identifiable information were exposed to websites with camera or microphone permission - CVE-2020-6814: Fixed multiple memory safety bugs

Topics%20covered

Topics Covered

security advisory important SUSE command injection memory safety use-after-free MozillaFirefox

References

#1132665 #1166238

Cross- CVE-2019-20503 CVE-2020-6805 CVE-2020-6806

CVE-2020-6807 CVE-2020-6811 CVE-2020-6812

CVE-2020-6814

Affected Products:

SUSE OpenStack Cloud Crowbar 8

SUSE OpenStack Cloud 8

SUSE OpenStack Cloud 7

SUSE Linux Enterprise Software Development Kit 12-SP5

SUSE Linux Enterprise Software Development Kit 12-SP4

SUSE Linux Enterprise Server for SAP 12-SP3

SUSE Linux Enterprise Server for SAP 12-SP2

SUSE Linux Enterprise Server for SAP 12-SP1

SUSE Linux Enterprise Server 12-SP5

SUSE Linux Enterprise Server 12-SP4

SUSE Linux Enterprise Server 12-SP3-LTSS

SUSE Linux Enterprise Server 12-SP3-BCL

SUSE Linux Enterprise Server 12-SP2-LTSS

SUSE Linux Enterprise Server ...

Read the Full Advisory

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2020:0717-1
Rating: important

Topics%20covered

Topics Covered

security advisory important SUSE command injection memory safety use-after-free MozillaFirefox

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here