
Test ID: 1.3.6.1.4.1.25623.1.1.4.2020.14456.1
Category: SuSE Local Security Checks
Title: SUSE: Security Advisory (SUSE-SU-2020:14456-1)
Summary: The remote host is missing an update for the 'MozillaFirefox' package(s) announced via the SUSE-SU-2020:14456-1 advisory.
Description:
Summary:
The remote host is missing an update for the 'MozillaFirefox' package(s) announced via the SUSE-SU-2020:14456-1 advisory.

Vulnerability Insight:
This update for MozillaFirefox fixes the following issues:

Fix broken translation-loading (boo#1173991)
* allow addon sideloading
* mark signatures for langpacks non-mandatory
* do not autodisable user profile scopes

Google API key is not usable for geolocation service any more

Mozilla Firefox 78.1 ESR
* Fixed: Various stability, functionality, and security fixes (MFSA
2020-32) (bsc#1174538).
* CVE-2020-15652 (bmo#1634872) Potential leak of redirect targets when
loading scripts in a worker
* CVE-2020-6514 (bmo#1642792) WebRTC data channel leaks internal address
to peer
* CVE-2020-15655 (bmo#1645204) Extension APIs could be used to bypass
Same-Origin Policy
* CVE-2020-15653 (bmo#1521542) Bypassing iframe sandbox when allowing
popups
* CVE-2020-6463 (bmo#1635293) Use-after-free in ANGLE
gl::Texture::onUnbindAsSamplerTexture
* CVE-2020-15656 (bmo#1647293) Type confusion for special arguments in
IonMonkey
* CVE-2020-15658 (bmo#1637745) Overriding file type when saving to disk
* CVE-2020-15657 (bmo#1644954) DLL hijacking due to incorrect loading
path
* CVE-2020-15654 (bmo#1648333) Custom cursor can overlay user interface
* CVE-2020-15659 (bmo#1550133, bmo#1633880, bmo#1643613, bmo#1644839,
bmo#1645835, bmo#1646006, bmo#1646787, bmo#1649347, bmo#1650811,
bmo#1651678) Memory safety bugs fixed in Firefox 79 and Firefox ESR
78.1

Add sle11-icu-generation-python3.patch to fix icu-generation
on big endian platforms

Mozilla Firefox 78.0.2 ESR
* MFSA 2020-28 (bsc#1173948)
* MFSA-2020-0003 (bmo#1644076) X-Frame-Options bypass using object or
embed tags
* Fixed: Fixed an accessibility regression in reader mode (bmo#1650922)
* Fixed: Made the address bar more resilient to data corruption in the
user profile (bmo#1649981)
* Fixed: Fixed a regression opening certain external applications
(bmo#1650162)

Affected Software/OS:
'MozillaFirefox' package(s) on SUSE Linux Enterprise Server 11-SP4, SUSE Linux Enterprise Debuginfo 11-SP4

Solution:
Please install the updated package(s).

CVSS Score:
9.3

CVSS Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C

Cross-reference: Common Vulnerability Exposure (CVE) ID: CVE-2020-6463
Debian Security Information: DSA-4714
https://www.debian.org/security/2020/dsa-4714
Debian Security Information: DSA-4736
https://www.debian.org/security/2020/dsa-4736
Debian Security Information: DSA-4740
https://www.debian.org/security/2020/dsa-4740
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OQYH5OK7O4BU6E37WWG5SEEHV65BFSGR/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WLFZ5N4EK6I4ZJP5YSKLLVN3ELXEB4XT/
https://security.gentoo.org/glsa/202007-60
https://security.gentoo.org/glsa/202007-64
https://chromereleases.googleblog.com/2020/04/stable-channel-update-for-desktop_21.html
https://crbug.com/1065186
https://lists.debian.org/debian-lts-announce/2020/07/msg00027.html
https://lists.debian.org/debian-lts-announce/2020/08/msg00006.html
SuSE Security Announcement: openSUSE-SU-2020:0823
http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00034.html
SuSE Security Announcement: openSUSE-SU-2020:0832
http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00038.html
SuSE Security Announcement: openSUSE-SU-2020:1147
http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00008.html
SuSE Security Announcement: openSUSE-SU-2020:1155
http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00011.html
SuSE Security Announcement: openSUSE-SU-2020:1179
http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00022.html
SuSE Security Announcement: openSUSE-SU-2020:1189
http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00025.html
SuSE Security Announcement: openSUSE-SU-2020:1205
http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00032.html
https://usn.ubuntu.com/4443-1/
Common Vulnerability Exposure (CVE) ID: CVE-2020-6514
Debian Security Information: DSA-4824
https://www.debian.org/security/2021/dsa-4824
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MYIDWCHG24ZTFD4P42D4A4WWPPA74BCG/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MTRPPTKZ2RKVH2XGQCWNFZ7FOGQ5LLCA/
https://security.gentoo.org/glsa/202007-08
https://security.gentoo.org/glsa/202101-30
http://packetstormsecurity.com/files/158697/WebRTC-usrsctp-Incorrect-Call.html
https://chromereleases.googleblog.com/2020/07/stable-channel-update-for-desktop.html
https://crbug.com/1076703
SuSE Security Announcement: openSUSE-SU-2020:1048
http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00041.html
SuSE Security Announcement: openSUSE-SU-2020:1061
http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00069.html
SuSE Security Announcement: openSUSE-SU-2020:1148
http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00007.html
SuSE Security Announcement: openSUSE-SU-2020:1172
http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00018.html
Copyright: Copyright (C) 2021 Greenbone Networks GmbH
