openSUSE-SU-2020:1732-1

Опубликовано: 25 окт. 2020

Источник: suse-cvrf

Описание

Security update for MozillaFirefox

This update for MozillaFirefox fixes the following issues:

Firefox Extended Support Release 78.4.0 ESR
- Fixed: Various stability, functionality, and security fixes MFSA 2020-46 (bsc#1177872, bsc#1176756)
- CVE-2020-15969 Use-after-free in usersctp
- CVE-2020-15683 Memory safety bugs fixed in Firefox 82 and Firefox ESR 78.4
- Fixed: Fixed legacy preferences not being properly applied when set via GPO

This update was imported from the SUSE:SLE-15:Update update project.

Список пакетов

openSUSE Leap 15.1

MozillaFirefox-78.4.0-lp151.2.73.1

MozillaFirefox-branding-upstream-78.4.0-lp151.2.73.1

MozillaFirefox-buildsymbols-78.4.0-lp151.2.73.1

MozillaFirefox-devel-78.4.0-lp151.2.73.1

MozillaFirefox-translations-common-78.4.0-lp151.2.73.1

MozillaFirefox-translations-other-78.4.0-lp151.2.73.1

Ссылки

https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/E7GHJMBMQLXUP64YOBPBFDGB3EBMHTOF/
E-Mail link for openSUSE-SU-2020:1732-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1176756
SUSE Bug 1176756
https://bugzilla.suse.com/1177872
SUSE Bug 1177872
https://www.suse.com/security/cve/CVE-2020-15683/
SUSE CVE CVE-2020-15683 page
https://www.suse.com/security/cve/CVE-2020-15969/
SUSE CVE CVE-2020-15969 page

Описание

Mozilla developers and community members reported memory safety bugs present in Firefox 81 and Firefox ESR 78.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 78.4, Firefox < 82, and Thunderbird < 78.4.

Затронутые продукты

openSUSE Leap 15.1:MozillaFirefox-78.4.0-lp151.2.73.1

openSUSE Leap 15.1:MozillaFirefox-branding-upstream-78.4.0-lp151.2.73.1

openSUSE Leap 15.1:MozillaFirefox-buildsymbols-78.4.0-lp151.2.73.1

openSUSE Leap 15.1:MozillaFirefox-devel-78.4.0-lp151.2.73.1

Ссылки

https://www.suse.com/security/cve/CVE-2020-15683.html
CVE-2020-15683
https://bugzilla.suse.com/1177872
SUSE Bug 1177872
https://bugzilla.suse.com/1177977
SUSE Bug 1177977

Описание

Use after free in WebRTC in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Затронутые продукты

openSUSE Leap 15.1:MozillaFirefox-78.4.0-lp151.2.73.1

openSUSE Leap 15.1:MozillaFirefox-branding-upstream-78.4.0-lp151.2.73.1

openSUSE Leap 15.1:MozillaFirefox-buildsymbols-78.4.0-lp151.2.73.1

openSUSE Leap 15.1:MozillaFirefox-devel-78.4.0-lp151.2.73.1

Ссылки

https://www.suse.com/security/cve/CVE-2020-15969.html
CVE-2020-15969
https://bugzilla.suse.com/1177408
SUSE Bug 1177408
https://bugzilla.suse.com/1177872
SUSE Bug 1177872
https://bugzilla.suse.com/1177977
SUSE Bug 1177977

openSUSE-SU-2020:1732-1

Описание

Список пакетов

openSUSE Leap 15.1

Ссылки

Уязвимость: CVE-2020-15683

Описание

Затронутые продукты

Ссылки

Уязвимость: CVE-2020-15969

Описание

Затронутые продукты

Ссылки