Описание
Security update for MozillaFirefox
Mozilla Firefox was updated to 68.6.1esr to fix critical security issues:
MFSA 2020-11 (boo#1168630)
- CVE-2020-6819: Use-after-free while running the nsDocShell destructor
- CVE-2020-6820: Use-after-free when handling a ReadableStream
Список пакетов
openSUSE Leap 15.1
MozillaFirefox-68.6.1-lp151.2.39.1
MozillaFirefox-branding-upstream-68.6.1-lp151.2.39.1
MozillaFirefox-buildsymbols-68.6.1-lp151.2.39.1
MozillaFirefox-devel-68.6.1-lp151.2.39.1
MozillaFirefox-translations-common-68.6.1-lp151.2.39.1
MozillaFirefox-translations-other-68.6.1-lp151.2.39.1
Ссылки
- E-Mail link for openSUSE-SU-2020:0461-1
- SUSE Security Ratings
- SUSE Bug 1168630
- SUSE CVE CVE-2020-6819 page
- SUSE CVE CVE-2020-6820 page
Описание
Under certain conditions, when running the nsDocShell destructor, a race condition can cause a use-after-free. We are aware of targeted attacks in the wild abusing this flaw. This vulnerability affects Thunderbird < 68.7.0, Firefox < 74.0.1, and Firefox ESR < 68.6.1.
Затронутые продукты
openSUSE Leap 15.1:MozillaFirefox-68.6.1-lp151.2.39.1
openSUSE Leap 15.1:MozillaFirefox-branding-upstream-68.6.1-lp151.2.39.1
openSUSE Leap 15.1:MozillaFirefox-buildsymbols-68.6.1-lp151.2.39.1
openSUSE Leap 15.1:MozillaFirefox-devel-68.6.1-lp151.2.39.1
Ссылки
- CVE-2020-6819
- SUSE Bug 1168630
- SUSE Bug 1168874
Описание
Under certain conditions, when handling a ReadableStream, a race condition can cause a use-after-free. We are aware of targeted attacks in the wild abusing this flaw. This vulnerability affects Thunderbird < 68.7.0, Firefox < 74.0.1, and Firefox ESR < 68.6.1.
Затронутые продукты
openSUSE Leap 15.1:MozillaFirefox-68.6.1-lp151.2.39.1
openSUSE Leap 15.1:MozillaFirefox-branding-upstream-68.6.1-lp151.2.39.1
openSUSE Leap 15.1:MozillaFirefox-buildsymbols-68.6.1-lp151.2.39.1
openSUSE Leap 15.1:MozillaFirefox-devel-68.6.1-lp151.2.39.1
Ссылки
- CVE-2020-6820
- SUSE Bug 1168630
- SUSE Bug 1168874