Linux Security
    Linux Security
    Linux Security

    SUSE: 2020:14548-1 important: MozillaFirefox

    Date 20 Nov 2020
    Posted By LinuxSecurity Advisories
    An update that fixes 12 vulnerabilities is now available.
       SUSE Security Update: Security update for MozillaFirefox
    Announcement ID:    SUSE-SU-2020:14548-1
    Rating:             important
    References:         #1178824 
    Cross-References:   CVE-2020-15999 CVE-2020-16012 CVE-2020-26951
                        CVE-2020-26953 CVE-2020-26956 CVE-2020-26958
                        CVE-2020-26959 CVE-2020-26960 CVE-2020-26961
                        CVE-2020-26965 CVE-2020-26966 CVE-2020-26968
    Affected Products:
                        SUSE Linux Enterprise Server 11-SP4-LTSS
                        SUSE Linux Enterprise Debuginfo 11-SP4
       An update that fixes 12 vulnerabilities is now available.
       This update for MozillaFirefox fixes the following issues:
       - Firefox Extended Support Release 78.5.0 ESR (bsc#1178824)
         * CVE-2020-26951: Parsing mismatches could confuse and bypass security
           sanitizer for chrome privileged code
         * CVE-2020-16012: Variable time processing of cross-origin images during
           drawImage calls
         * CVE-2020-26953: Fullscreen could be enabled without displaying the
           security UI
         * CVE-2020-26956: XSS through paste (manual and clipboard API)
         * CVE-2020-26958: Requests intercepted through ServiceWorkers lacked
           MIME type restrictions
         * CVE-2020-26959: Use-after-free in WebRequestService
         * CVE-2020-26960: Potential use-after-free in uses of nsTArray
         * CVE-2020-15999: Heap buffer overflow in freetype
         * CVE-2020-26961: DoH did not filter IPv4 mapped IP Addresses
         * CVE-2020-26965: Software keyboards may have remembered typed passwords
         * CVE-2020-26966: Single-word search queries were also broadcast to
           local network
         * CVE-2020-26968: Memory safety bugs fixed in Firefox 83 and Firefox ESR
    Patch Instructions:
       To install this SUSE Security Update use the SUSE recommended installation methods
       like YaST online_update or "zypper patch".
       Alternatively you can run the command listed for your product:
       - SUSE Linux Enterprise Server 11-SP4-LTSS:
          zypper in -t patch slessp4-MozillaFirefox-14548=1
       - SUSE Linux Enterprise Debuginfo 11-SP4:
          zypper in -t patch dbgsp4-MozillaFirefox-14548=1
    Package List:
       - SUSE Linux Enterprise Server 11-SP4-LTSS (x86_64):
       - SUSE Linux Enterprise Debuginfo 11-SP4 (x86_64):

    LinuxSecurity Poll

    How long have you been using Linux?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 4 answer(s).
    [{"id":"160","title":"Just made the switch!","votes":"1","type":"x","order":"1","pct":14.29,"resources":[]},{"id":"161","title":"1-5 years","votes":"0","type":"x","order":"2","pct":0,"resources":[]},{"id":"162","title":"6-10 years","votes":"0","type":"x","order":"3","pct":0,"resources":[]},{"id":"163","title":">10 years - I'm a veteran!","votes":"6","type":"x","order":"4","pct":85.71,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350

    Please vote first in order to view vote results.


    bottom 200

    Please enable / Bitte aktiviere JavaScript!
    Veuillez activer / Por favor activa el Javascript![ ? ]

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.