Security update for MozillaFirefox
Announcement ID: | SUSE-SU-2020:3383-1 |
---|---|
Rating: | important |
References: | |
Cross-References: | |
CVSS scores: |
|
Affected Products: |
|
An update that solves 12 vulnerabilities can now be installed.
Description:
This update for MozillaFirefox fixes the following issues:
- Firefox Extended Support Release 78.5.0 ESR (bsc#1178824)
- CVE-2020-26951: Parsing mismatches could confuse and bypass security sanitizer for chrome privileged code
- CVE-2020-16012: Variable time processing of cross-origin images during drawImage calls
- CVE-2020-26953: Fullscreen could be enabled without displaying the security UI
- CVE-2020-26956: XSS through paste (manual and clipboard API)
- CVE-2020-26958: Requests intercepted through ServiceWorkers lacked MIME type restrictions
- CVE-2020-26959: Use-after-free in WebRequestService
- CVE-2020-26960: Potential use-after-free in uses of nsTArray
- CVE-2020-15999: Heap buffer overflow in freetype
- CVE-2020-26961: DoH did not filter IPv4 mapped IP Addresses
- CVE-2020-26965: Software keyboards may have remembered typed passwords
- CVE-2020-26966: Single-word search queries were also broadcast to local network
- CVE-2020-26968: Memory safety bugs fixed in Firefox 83 and Firefox ESR 78.5
Patch Instructions:
To install this SUSE update use the SUSE recommended
installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
-
Desktop Applications Module 15-SP1
zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP1-2020-3383=1
Package List:
-
Desktop Applications Module 15-SP1 (aarch64 ppc64le s390x x86_64)
- MozillaFirefox-translations-common-78.5.0-3.119.1
- MozillaFirefox-devel-78.5.0-3.119.1
- MozillaFirefox-debuginfo-78.5.0-3.119.1
- MozillaFirefox-translations-other-78.5.0-3.119.1
- MozillaFirefox-debugsource-78.5.0-3.119.1
- MozillaFirefox-78.5.0-3.119.1
References:
- https://www.suse.com/security/cve/CVE-2020-15999.html
- https://www.suse.com/security/cve/CVE-2020-16012.html
- https://www.suse.com/security/cve/CVE-2020-26951.html
- https://www.suse.com/security/cve/CVE-2020-26953.html
- https://www.suse.com/security/cve/CVE-2020-26956.html
- https://www.suse.com/security/cve/CVE-2020-26958.html
- https://www.suse.com/security/cve/CVE-2020-26959.html
- https://www.suse.com/security/cve/CVE-2020-26960.html
- https://www.suse.com/security/cve/CVE-2020-26961.html
- https://www.suse.com/security/cve/CVE-2020-26965.html
- https://www.suse.com/security/cve/CVE-2020-26966.html
- https://www.suse.com/security/cve/CVE-2020-26968.html
- https://bugzilla.suse.com/show_bug.cgi?id=1178824