Описание
Security update for MozillaFirefox
This update for MozillaFirefox fixes the following issues:
-
MozillaFirefox was updated to version 68.9.0 Extended Support Release (bsc#1172402).
-
CVE-2020-12405: Fixed a use-after-free in SharedWorkerService.
-
CVE-2020-12406: Fixed a JavaScript Type confusion with NativeTypes.
-
CVE-2020-12410: Fixed multiple memory safety bugs.
Список пакетов
HPE Helion OpenStack 8
SUSE Enterprise Storage 5
SUSE Linux Enterprise Server 12 SP2-BCL
SUSE Linux Enterprise Server 12 SP2-LTSS
SUSE Linux Enterprise Server 12 SP3-BCL
SUSE Linux Enterprise Server 12 SP3-LTSS
SUSE Linux Enterprise Server 12 SP4
SUSE Linux Enterprise Server 12 SP5
SUSE Linux Enterprise Server for SAP Applications 12 SP2
SUSE Linux Enterprise Server for SAP Applications 12 SP3
SUSE Linux Enterprise Server for SAP Applications 12 SP4
SUSE Linux Enterprise Server for SAP Applications 12 SP5
SUSE Linux Enterprise Software Development Kit 12 SP4
SUSE Linux Enterprise Software Development Kit 12 SP5
SUSE OpenStack Cloud 7
SUSE OpenStack Cloud 8
SUSE OpenStack Cloud Crowbar 8
Ссылки
- Link for SUSE-SU-2020:1563-1
- E-Mail link for SUSE-SU-2020:1563-1
- SUSE Security Ratings
- SUSE Bug 1172402
- SUSE CVE CVE-2020-12405 page
- SUSE CVE CVE-2020-12406 page
- SUSE CVE CVE-2020-12410 page
Описание
When browsing a malicious page, a race condition in our SharedWorkerService could occur and lead to a potentially exploitable crash. This vulnerability affects Thunderbird < 68.9.0, Firefox < 77, and Firefox ESR < 68.9.
Затронутые продукты
Ссылки
- CVE-2020-12405
- SUSE Bug 1172402
Описание
Mozilla Developer Iain Ireland discovered a missing type check during unboxed objects removal, resulting in a crash. We presume that with enough effort that it could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 68.9.0, Firefox < 77, and Firefox ESR < 68.9.
Затронутые продукты
Ссылки
- CVE-2020-12406
- SUSE Bug 1172402
Описание
Mozilla developers reported memory safety bugs present in Firefox 76 and Firefox ESR 68.8. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 68.9.0, Firefox < 77, and Firefox ESR < 68.9.
Затронутые продукты
Ссылки
- CVE-2020-12410
- SUSE Bug 1172402