Vulnerability   
Search   
    Search 211766 CVE descriptions
and 97459 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.1.4.2020.14456.1
Category:SuSE Local Security Checks
Title:SUSE: Security Advisory (SUSE-SU-2020:14456-1)
Summary:The remote host is missing an update for the 'MozillaFirefox' package(s) announced via the SUSE-SU-2020:14456-1 advisory.
Description:Summary:
The remote host is missing an update for the 'MozillaFirefox' package(s) announced via the SUSE-SU-2020:14456-1 advisory.

Vulnerability Insight:
This update for MozillaFirefox fixes the following issues:

Fix broken translation-loading (boo#1173991)
* allow addon sideloading
* mark signatures for langpacks non-mandatory
* do not autodisable user profile scopes

Google API key is not usable for geolocation service any more

Mozilla Firefox 78.1 ESR
* Fixed: Various stability, functionality, and security fixe (MFSA
2020-32) (bsc#1174538).
* CVE-2020-15652 (bmo#1634872) Potential leak of redirect targets when
loading scripts in a worker
* CVE-2020-6514 (bmo#1642792) WebRTC data channel leaks internal address
to peer
* CVE-2020-15655 (bmo#1645204) Extension APIs could be used to bypass
Same-Origin Policy
* CVE-2020-15653 (bmo#1521542) Bypassing iframe sandbox when allowing
popups
* CVE-2020-6463 (bmo#1635293) Use-after-free in ANGLE
gl::Texture::onUnbindAsSamplerTexture
* CVE-2020-15656 (bmo#1647293) Type confusion for special arguments in
IonMonkey
* CVE-2020-15658 (bmo#1637745) Overriding file type when saving to disk
* CVE-2020-15657 (bmo#1644954) DLL hijacking due to incorrect loading
path
* CVE-2020-15654 (bmo#1648333) Custom cursor can overlay user interface
* CVE-2020-15659 (bmo#1550133, bmo#1633880, bmo#1643613, bmo#1644839,
bmo#1645835, bmo#1646006, bmo#1646787, bmo#1649347, bmo#1650811,
bmo#1651678) Memory safety bugs fixed in Firefox 79 and Firefox ESR
78.1

Add sle11-icu-generation-python3.patch to fix icu-generation
on big endian platforms

Mozilla Firefox 78.0.2 ESR
* MFSA 2020-28 (bsc#1173948)
* MFSA-2020-0003 (bmo#1644076) X-Frame-Options bypass using object or
embed tags
* Fixed: Fixed an accessibility regression in reader mode (bmo#1650922)
* Fixed: Made the address bar more resilient to data corruption in the
user profile (bmo#1649981)
* Fixed: Fixed a regression opening certain external applications
(bmo#1650162)

Affected Software/OS:
'MozillaFirefox' package(s) on SUSE Linux Enterprise Server 11-SP4, SUSE Linux Enterprise Debuginfo 11-SP4

Solution:
Please install the updated package(s).

CVSS Score:
9.3

CVSS Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2020-6463
Debian Security Information: DSA-4714 (Google Search)
https://www.debian.org/security/2020/dsa-4714
Debian Security Information: DSA-4736 (Google Search)
https://www.debian.org/security/2020/dsa-4736
Debian Security Information: DSA-4740 (Google Search)
https://www.debian.org/security/2020/dsa-4740
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OQYH5OK7O4BU6E37WWG5SEEHV65BFSGR/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WLFZ5N4EK6I4ZJP5YSKLLVN3ELXEB4XT/
https://security.gentoo.org/glsa/202007-60
https://security.gentoo.org/glsa/202007-64
https://chromereleases.googleblog.com/2020/04/stable-channel-update-for-desktop_21.html
https://crbug.com/1065186
https://lists.debian.org/debian-lts-announce/2020/07/msg00027.html
https://lists.debian.org/debian-lts-announce/2020/08/msg00006.html
SuSE Security Announcement: openSUSE-SU-2020:0823 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00034.html
SuSE Security Announcement: openSUSE-SU-2020:0832 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00038.html
SuSE Security Announcement: openSUSE-SU-2020:1147 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00008.html
SuSE Security Announcement: openSUSE-SU-2020:1155 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00011.html
SuSE Security Announcement: openSUSE-SU-2020:1179 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00022.html
SuSE Security Announcement: openSUSE-SU-2020:1189 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00025.html
SuSE Security Announcement: openSUSE-SU-2020:1205 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00032.html
https://usn.ubuntu.com/4443-1/
Common Vulnerability Exposure (CVE) ID: CVE-2020-6514
Debian Security Information: DSA-4824 (Google Search)
https://www.debian.org/security/2021/dsa-4824
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MYIDWCHG24ZTFD4P42D4A4WWPPA74BCG/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MTRPPTKZ2RKVH2XGQCWNFZ7FOGQ5LLCA/
https://security.gentoo.org/glsa/202007-08
https://security.gentoo.org/glsa/202101-30
http://packetstormsecurity.com/files/158697/WebRTC-usrsctp-Incorrect-Call.html
https://chromereleases.googleblog.com/2020/07/stable-channel-update-for-desktop.html
https://crbug.com/1076703
SuSE Security Announcement: openSUSE-SU-2020:1048 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00041.html
SuSE Security Announcement: openSUSE-SU-2020:1061 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00069.html
SuSE Security Announcement: openSUSE-SU-2020:1148 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00007.html
SuSE Security Announcement: openSUSE-SU-2020:1172 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00018.html
CopyrightCopyright (C) 2021 Greenbone Networks GmbH

This is only one of 97459 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2021 E-Soft Inc. All rights reserved.