Description:
Summary: The remote host is missing an update for the 'MozillaFirefox' package(s) announced via the SUSE-SU-2020:14456-1 advisory.
Vulnerability Insight: This update for MozillaFirefox fixes the following issues:
- Fix broken translation-loading (boo#1173991)
  * allow addon sideloading
  * mark signatures for langpacks non-mandatory
  * do not autodisable user profile scopes
- Google API key is not usable for geolocation service any more
- Mozilla Firefox 78.1 ESR
  * Fixed: Various stability, functionality, and security fixes (MFSA 2020-32) (bsc#1174538).
  * CVE-2020-15652 (bmo#1634872) Potential leak of redirect targets when loading scripts in a worker
  * CVE-2020-6514 (bmo#1642792) WebRTC data channel leaks internal address to peer
  * CVE-2020-15655 (bmo#1645204) Extension APIs could be used to bypass Same-Origin Policy
  * CVE-2020-15653 (bmo#1521542) Bypassing iframe sandbox when allowing popups
  * CVE-2020-6463 (bmo#1635293) Use-after-free in ANGLE gl::Texture::onUnbindAsSamplerTexture
  * CVE-2020-15656 (bmo#1647293) Type confusion for special arguments in IonMonkey
  * CVE-2020-15658 (bmo#1637745) Overriding file type when saving to disk
  * CVE-2020-15657 (bmo#1644954) DLL hijacking due to incorrect loading path
  * CVE-2020-15654 (bmo#1648333) Custom cursor can overlay user interface
  * CVE-2020-15659 (bmo#1550133, bmo#1633880, bmo#1643613, bmo#1644839, bmo#1645835, bmo#1646006, bmo#1646787, bmo#1649347, bmo#1650811, bmo#1651678) Memory safety bugs fixed in Firefox 79 and Firefox ESR 78.1
- Add sle11-icu-generation-python3.patch to fix icu-generation on big endian platforms
- Mozilla Firefox 78.0.2 ESR
  * MFSA 2020-28 (bsc#1173948)
  * MFSA-2020-0003 (bmo#1644076) X-Frame-Options bypass using object or embed tags
  * Fixed: Fixed an accessibility regression in reader mode (bmo#1650922)
  * Fixed: Made the address bar more resilient to data corruption in the user profile (bmo#1649981)
  * Fixed: Fixed a regression opening certain external applications (bmo#1650162)
Affected Software/OS: 'MozillaFirefox' package(s) on SUSE Linux Enterprise Server 11-SP4.
Solution: Please install the updated package(s).
CVSS Score: 9.3
CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C