Alerts This Week
Warning Icon 1 692
Alerts This Week
Warning Icon 1 692

SUSE: 2020:3548-1 Important: MozillaFirefox Critical Security Issues

suse
Calendar Grey November 27, 2020
Dist Suse Esm H88
Crucial SUSE upgrade for MozillaFirefox addresses 12 severe vulnerabilities. Installation guidelines provided for multiple applications.
An update that fixes 12 vulnerabilities is now available

Summary

This update for MozillaFirefox fixes the following issues: - Firefox Extended Support Release 78.5.0 ESR (bsc#1178824) * CVE-2020-26951: Parsing mismatches could confuse and bypass security sanitizer for chrome privileged code * CVE-2020-16012: Variable time processing of cross-origin images during drawImage calls * CVE-2020-26953: Fullscreen could be enabled without displaying the security UI * CVE-2020-26956: XSS through paste (manual and clipboard API) * CVE-2020-26958: Requests intercepted through ServiceWorkers lacked MIME type restrictions * CVE-2020-26959: Use-after-free in WebRequestService * CVE-2020-26960: Potential use-after-free in uses of nsTArray * CVE-2020-15999: Heap buffer overflow in freetype * CVE-2020-26961: DoH did not filter IPv4 mapped IP Addresses

Topics%20covered

Topics Covered

security advisory buffer overflow SUSE memory safety importance cross-origin MozillaFirefox

References

#1178824

Cross- CVE-2020-15999 CVE-2020-16012 CVE-2020-26951

CVE-2020-26953 CVE-2020-26956 CVE-2020-26958

CVE-2020-26959 CVE-2020-26960 CVE-2020-26961

CVE-2020-26965 CVE-2020-26966 CVE-2020-26968

Affected Products:

SUSE OpenStack Cloud Crowbar 9

SUSE OpenStack Cloud Crowbar 8

SUSE OpenStack Cloud 9

SUSE OpenStack Cloud 8

SUSE OpenStack Cloud 7

SUSE Linux Enterprise Software Development Kit 12-SP5

SUSE Linux Enterprise Server for SAP 12-SP4

SUSE Linux Enterprise Server for SAP 12-SP3

SUSE Linux Enterprise Server for SAP 12-SP2

SUSE Linux Enterprise Server 12-SP5

SUSE Linux Enterprise Server 12-SP4-LTSS

SUSE Linux Enterprise Server 12-SP3-LTSS

SUSE Linux Ent...

Read the Full Advisory

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2020:3548-1
Rating: important

Topics%20covered

Topics Covered

security advisory buffer overflow SUSE memory safety importance cross-origin MozillaFirefox

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here