Описание
Security update for MozillaFirefox
This update for MozillaFirefox fixes the following issues:
-
MozillaFirefox was updated to version 68.9.0 Extended Support Release (bsc#1172402).
-
CVE-2020-12405: Fixed a use-after-free in SharedWorkerService.
-
CVE-2020-12406: Fixed a JavaScript Type confusion with NativeTypes.
-
CVE-2020-12410: Fixed multiple memory safety bugs.
This update was imported from the SUSE:SLE-15:Update update project.
Список пакетов
openSUSE Leap 15.1
Ссылки
- E-Mail link for openSUSE-SU-2020:0789-1
- SUSE Security Ratings
- SUSE Bug 1172402
- SUSE CVE CVE-2020-12405 page
- SUSE CVE CVE-2020-12406 page
- SUSE CVE CVE-2020-12410 page
Описание
When browsing a malicious page, a race condition in our SharedWorkerService could occur and lead to a potentially exploitable crash. This vulnerability affects Thunderbird < 68.9.0, Firefox < 77, and Firefox ESR < 68.9.
Затронутые продукты
Ссылки
- CVE-2020-12405
- SUSE Bug 1172402
Описание
Mozilla Developer Iain Ireland discovered a missing type check during unboxed objects removal, resulting in a crash. We presume that with enough effort that it could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 68.9.0, Firefox < 77, and Firefox ESR < 68.9.
Затронутые продукты
Ссылки
- CVE-2020-12406
- SUSE Bug 1172402
Описание
Mozilla developers reported memory safety bugs present in Firefox 76 and Firefox ESR 68.8. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 68.9.0, Firefox < 77, and Firefox ESR < 68.9.
Затронутые продукты
Ссылки
- CVE-2020-12410
- SUSE Bug 1172402