Alerts This Week
Warning Icon 1 764
Alerts This Week
Warning Icon 1 764

SUSE: 2020:3458-1 Important: MozillaFirefox Security Issues Fixed

suse
Calendar Grey November 20, 2020
Dist Suse Esm H88
This security notice emphasizes essential updates addressing Mozilla Firefox weaknesses in SUSE Linux Enterprise 15-SP2.
An update that fixes 12 vulnerabilities is now available

Summary

This update for MozillaFirefox fixes the following issues: - Firefox Extended Support Release 78.5.0 ESR (bsc#1178824) * CVE-2020-26951: Parsing mismatches could confuse and bypass security sanitizer for chrome privileged code * CVE-2020-16012: Variable time processing of cross-origin images during drawImage calls * CVE-2020-26953: Fullscreen could be enabled without displaying the security UI * CVE-2020-26956: XSS through paste (manual and clipboard API) * CVE-2020-26958: Requests intercepted through ServiceWorkers lacked MIME type restrictions * CVE-2020-26959: Use-after-free in WebRequestService * CVE-2020-26960: Potential use-after-free in uses of nsTArray * CVE-2020-15999: Heap buffer overflow in freetype * CVE-2020-26961: DoH did not filter IPv4 mapped IP Addresses

Topics%20covered

Topics Covered

security advisory important SUSE Linux heap buffer overflow patch instructions MozillaFirefox cross-origin security

References

#1178824

Cross- CVE-2020-15999 CVE-2020-16012 CVE-2020-26951

CVE-2020-26953 CVE-2020-26956 CVE-2020-26958

CVE-2020-26959 CVE-2020-26960 CVE-2020-26961

CVE-2020-26965 CVE-2020-26966 CVE-2020-26968

Affected Products:

SUSE Linux Enterprise Module for Desktop Applications 15-SP2

https://www.suse.com/security/cve/CVE-2020-15999.html

https://www.suse.com/security/cve/CVE-2020-16012.html

https://www.suse.com/security/cve/CVE-2020-26951.html

https://www.suse.com/security/cve/CVE-2020-26953.html

https://www.suse.com/security/cve/CVE-2020-26956.html

https://www.suse.com/security/cve/CVE-2020-26958.html

https://www.suse.com/security/cve/CVE-2020-26959.html

https://www.suse.com/security/cve/CVE-2020-26960.html

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2020:3458-1
Rating: important

Topics%20covered

Topics Covered

security advisory important SUSE Linux heap buffer overflow patch instructions MozillaFirefox cross-origin security

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here