SuSE Local Security Checks : SUSE: Security Advisory (SUSE-SU-2020:0383-1)

Búsqueda de Vulnerabilidad		Buscar 219043 Descripciones CVE y 99761 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.1.4.2020.0383.1

Categoría: SuSE Local Security Checks

Título: SUSE: Security Advisory (SUSE-SU-2020:0383-1)

Resumen: The remote host is missing an update for the 'MozillaFirefox' package(s) announced via the SUSE-SU-2020:0383-1 advisory.

Descripción: Summary:
The remote host is missing an update for the 'MozillaFirefox' package(s) announced via the SUSE-SU-2020:0383-1 advisory.

Vulnerability Insight:
This update for MozillaFirefox fixes the following issues:
Firefox Extended Support Release 68.5.0 ESR
* Fixed: Various stability and security fixes

Mozilla Firefox ESR68.5 MFSA 2020-06 (bsc#1163368)
* CVE-2020-6796 (bmo#1610426) Missing bounds check on shared memory read
in the parent process
* CVE-2020-6797 (bmo#1596668) Extensions granted downloads.open
permission could open arbitrary applications on Mac OSX
* CVE-2020-6798 (bmo#1602944) Incorrect parsing of template tag could
result in JavaScript injection
* CVE-2020-6799 (bmo#1606596) Arbitrary code execution when opening pdf
links from other applications, when Firefox is configured as default
pdf reader
* CVE-2020-6800 (bmo#1595786, bmo#1596706, bmo#1598543, bmo#1604851,
bmo#1605777, bmo#1608580, bmo#1608785) Memory safety bugs fixed in
Firefox 73 and Firefox ESR 68.5

Affected Software/OS:
'MozillaFirefox' package(s) on SUSE Linux Enterprise Module for Desktop Applications 15, SUSE Linux Enterprise Module for Desktop Applications 15-SP1, SUSE Linux Enterprise Module for Open Buildservice Development Tools 15, SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1.

Solution:
Please install the updated package(s).

CVSS Score:
6.8

CVSS Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2020-6796
https://security.gentoo.org/glsa/202003-02
https://bugzilla.mozilla.org/show_bug.cgi?id=1610426
https://www.mozilla.org/security/advisories/mfsa2020-05/
https://www.mozilla.org/security/advisories/mfsa2020-06/
https://usn.ubuntu.com/4278-2/
Common Vulnerability Exposure (CVE) ID: CVE-2020-6797
https://bugzilla.mozilla.org/show_bug.cgi?id=1596668
https://www.mozilla.org/security/advisories/mfsa2020-07/
Common Vulnerability Exposure (CVE) ID: CVE-2020-6798
https://security.gentoo.org/glsa/202003-10
https://bugzilla.mozilla.org/show_bug.cgi?id=1602944
https://usn.ubuntu.com/4328-1/
https://usn.ubuntu.com/4335-1/
Common Vulnerability Exposure (CVE) ID: CVE-2020-6799
https://bugzilla.mozilla.org/show_bug.cgi?id=1606596
Common Vulnerability Exposure (CVE) ID: CVE-2020-6800
https://bugzilla.mozilla.org/buglist.cgi?bug_id=1595786%2C1596706%2C1598543%2C1604851%2C1608580%2C1608785%2C1605777

Copyright Copyright (C) 2021 Greenbone Networks GmbH

Esta es sólo una de 99761 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.1.4.2020.0383.1
Categoría:	SuSE Local Security Checks
Título:	SUSE: Security Advisory (SUSE-SU-2020:0383-1)
Resumen:	The remote host is missing an update for the 'MozillaFirefox' package(s) announced via the SUSE-SU-2020:0383-1 advisory.
Descripción:	Summary: The remote host is missing an update for the 'MozillaFirefox' package(s) announced via the SUSE-SU-2020:0383-1 advisory. Vulnerability Insight: This update for MozillaFirefox fixes the following issues: Firefox Extended Support Release 68.5.0 ESR * Fixed: Various stability and security fixes Mozilla Firefox ESR68.5 MFSA 2020-06 (bsc#1163368) * CVE-2020-6796 (bmo#1610426) Missing bounds check on shared memory read in the parent process * CVE-2020-6797 (bmo#1596668) Extensions granted downloads.open permission could open arbitrary applications on Mac OSX * CVE-2020-6798 (bmo#1602944) Incorrect parsing of template tag could result in JavaScript injection * CVE-2020-6799 (bmo#1606596) Arbitrary code execution when opening pdf links from other applications, when Firefox is configured as default pdf reader * CVE-2020-6800 (bmo#1595786, bmo#1596706, bmo#1598543, bmo#1604851, bmo#1605777, bmo#1608580, bmo#1608785) Memory safety bugs fixed in Firefox 73 and Firefox ESR 68.5 Affected Software/OS: 'MozillaFirefox' package(s) on SUSE Linux Enterprise Module for Desktop Applications 15, SUSE Linux Enterprise Module for Desktop Applications 15-SP1, SUSE Linux Enterprise Module for Open Buildservice Development Tools 15, SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1. Solution: Please install the updated package(s). CVSS Score: 6.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2020-6796 https://security.gentoo.org/glsa/202003-02 https://bugzilla.mozilla.org/show_bug.cgi?id=1610426 https://www.mozilla.org/security/advisories/mfsa2020-05/ https://www.mozilla.org/security/advisories/mfsa2020-06/ https://usn.ubuntu.com/4278-2/ Common Vulnerability Exposure (CVE) ID: CVE-2020-6797 https://bugzilla.mozilla.org/show_bug.cgi?id=1596668 https://www.mozilla.org/security/advisories/mfsa2020-07/ Common Vulnerability Exposure (CVE) ID: CVE-2020-6798 https://security.gentoo.org/glsa/202003-10 https://bugzilla.mozilla.org/show_bug.cgi?id=1602944 https://usn.ubuntu.com/4328-1/ https://usn.ubuntu.com/4335-1/ Common Vulnerability Exposure (CVE) ID: CVE-2020-6799 https://bugzilla.mozilla.org/show_bug.cgi?id=1606596 Common Vulnerability Exposure (CVE) ID: CVE-2020-6800 https://bugzilla.mozilla.org/buglist.cgi?bug_id=1595786%2C1596706%2C1598543%2C1604851%2C1608580%2C1608785%2C1605777
Copyright	Copyright (C) 2021 Greenbone Networks GmbH