Описание
Security update for MozillaFirefox
This update for MozillaFirefox fixes the following issues:
-
MozillaFirefox was updated to version 68.9.0 Extended Support Release (bsc#1172402).
-
CVE-2020-12405: Fixed a use-after-free in SharedWorkerService.
-
CVE-2020-12406: Fixed a JavaScript Type confusion with NativeTypes.
-
CVE-2020-12410: Fixed multiple memory safety bugs.
Список пакетов
Image SLES15-SAP-Azure-LI-BYOS-Production
Image SLES15-SAP-Azure-VLI-BYOS-Production
Image SLES15-SP1-SAP-Azure-LI-BYOS-Production
Image SLES15-SP1-SAP-Azure-VLI-BYOS-Production
SUSE Linux Enterprise Module for Desktop Applications 15 SP1
SUSE Linux Enterprise Module for Desktop Applications 15 SP2
Ссылки
- Link for SUSE-SU-2020:1556-1
- E-Mail link for SUSE-SU-2020:1556-1
- SUSE Security Ratings
- SUSE Bug 1172402
- SUSE CVE CVE-2020-12405 page
- SUSE CVE CVE-2020-12406 page
- SUSE CVE CVE-2020-12410 page
Описание
When browsing a malicious page, a race condition in our SharedWorkerService could occur and lead to a potentially exploitable crash. This vulnerability affects Thunderbird < 68.9.0, Firefox < 77, and Firefox ESR < 68.9.
Затронутые продукты
Ссылки
- CVE-2020-12405
- SUSE Bug 1172402
Описание
Mozilla Developer Iain Ireland discovered a missing type check during unboxed objects removal, resulting in a crash. We presume that with enough effort that it could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 68.9.0, Firefox < 77, and Firefox ESR < 68.9.
Затронутые продукты
Ссылки
- CVE-2020-12406
- SUSE Bug 1172402
Описание
Mozilla developers reported memory safety bugs present in Firefox 76 and Firefox ESR 68.8. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 68.9.0, Firefox < 77, and Firefox ESR < 68.9.
Затронутые продукты
Ссылки
- CVE-2020-12410
- SUSE Bug 1172402