 |
Home ▼ Bookkeeping
Online ▼ Security
Audits ▼
Managed
DNS ▼
About
Order
FAQ
Acceptable Use Policy
Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password Network
Monitor ▼
Enterprise Package
Advanced Package
Standard Package
Free Trial
FAQ
Price/Feature Summary
Order/Renew
Examples
Configure/Status Alert Profiles | ||
| Test ID: | 1.3.6.1.4.1.25623.1.1.4.2020.14359.1 |
| Category: | SuSE Local Security Checks |
| Title: | SUSE: Security Advisory (SUSE-SU-2020:14359-1) |
| Summary: | The remote host is missing an update for the 'MozillaFirefox' package(s) announced via the SUSE-SU-2020:14359-1 advisory. |
| Description: | Summary: The remote host is missing an update for the 'MozillaFirefox' package(s) announced via the SUSE-SU-2020:14359-1 advisory. Vulnerability Insight: This update for MozillaFirefox fixes the following issues: - Firefox Extended Support Release 68.8.0 ESR MFSA 2020-17 (bsc#1171186) * CVE-2020-12387 (bmo#1545345) Use-after-free during worker shutdown * CVE-2020-12388 (bmo#1618911) Sandbox escape with improperly guarded Access Tokens * CVE-2020-12389 (bmo#1554110) Sandbox escape with improperly separated process types * CVE-2020-6831 (bmo#1632241) Buffer overflow in SCTP chunk input validation * CVE-2020-12392 (bmo#1614468) Arbitrary local file access with 'Copy as cURL' * CVE-2020-12393 (bmo#1615471) Devtools' 'Copy as cURL' feature did not fully escape website-controlled data, potentially leading to command injection * CVE-2020-12395 (bmo#1595886, bmo#1611482, bmo#1614704, bmo#1624098, bmo#1625749, bmo#1626382, bmo#1628076, bmo#1631508) Memory safety bugs fixed in Firefox 76 and Firefox ESR 68.8 - Since firefox-gcc8 now has disabled autoreqprov for firefox-libstdc++6 and firefox-libgcc_s1, those packages don't provide some capabilities, we have to disable AutoReqProv in MozillaFirefox too so they're not added as automatic requirements. (bsc#1162828) Affected Software/OS: 'MozillaFirefox' package(s) on SUSE Linux Enterprise Server 11-SP4. Solution: Please install the updated package(s). CVSS Score: 10.0 CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C |
| Cross-Ref: |
Common Vulnerability Exposure (CVE) ID: CVE-2020-12387 https://bugzilla.mozilla.org/show_bug.cgi?id=1545345 https://security.gentoo.org/glsa/202005-03 https://security.gentoo.org/glsa/202005-04 https://www.mozilla.org/security/advisories/mfsa2020-16/ https://www.mozilla.org/security/advisories/mfsa2020-17/ https://www.mozilla.org/security/advisories/mfsa2020-18/ https://usn.ubuntu.com/4373-1/ Common Vulnerability Exposure (CVE) ID: CVE-2020-12388 http://packetstormsecurity.com/files/157860/Firefox-Default-Content-Process-DACL-Sandbox-Escape.html https://bugzilla.mozilla.org/show_bug.cgi?id=1618911 Common Vulnerability Exposure (CVE) ID: CVE-2020-12389 https://bugzilla.mozilla.org/show_bug.cgi?id=1554110 Common Vulnerability Exposure (CVE) ID: CVE-2020-12392 https://bugzilla.mozilla.org/show_bug.cgi?id=1614468 Common Vulnerability Exposure (CVE) ID: CVE-2020-12393 https://bugzilla.mozilla.org/show_bug.cgi?id=1615471 Common Vulnerability Exposure (CVE) ID: CVE-2020-12395 https://bugzilla.mozilla.org/buglist.cgi?bug_id=1595886%2C1611482%2C1614704%2C1624098%2C1625749%2C1626382%2C1628076%2C1631508 Common Vulnerability Exposure (CVE) ID: CVE-2020-6831 Debian Security Information: DSA-4714 (Google Search) https://www.debian.org/security/2020/dsa-4714 http://packetstormsecurity.com/files/158480/usrsctp-Stack-Buffer-Overflow.html https://bugzilla.mozilla.org/show_bug.cgi?id=1632241 SuSE Security Announcement: openSUSE-SU-2020:0917 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00000.html |
| Copyright | Copyright (C) 2021 Greenbone AG |
| This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below. |