Oval Definition:oval:org.opensuse.security:def:74503
Revision Date:2020-12-01Version:1
Title:Security update for MozillaFirefox (Important)
Description:

This update for MozillaFirefox to version 78.0.1 ESR fixes the following issues:

Security issues fixed:

- CVE-2020-12415: AppCache manifest poisoning due to url encoded character processing (bsc#1173576). - CVE-2020-12416: Use-after-free in WebRTC VideoBroadcaster (bsc#1173576). - CVE-2020-12417: Memory corruption due to missing sign-extension for ValueTags on ARM64 (bsc#1173576). - CVE-2020-12418: Information disclosure due to manipulated URL object (bsc#1173576). - CVE-2020-12419: Use-after-free in nsGlobalWindowInner (bsc#1173576). - CVE-2020-12420: Use-After-Free when trying to connect to a STUN server (bsc#1173576). - CVE-2020-12402: RSA Key Generation vulnerable to side-channel attack (bsc#1173576). - CVE-2020-12421: Add-On updates did not respect the same certificate trust rules as software updates (bsc#1173576). - CVE-2020-12422: Integer overflow in nsJPEGEncoder::emptyOutputBuffer (bsc#1173576). - CVE-2020-12423: DLL Hijacking due to searching %PATH% for a library (bsc#1173576). - CVE-2020-12424: WebRTC permission prompt could have been bypassed by a compromised content process (bsc#1173576). - CVE-2020-12425: Out of bound read in Date.parse() (bsc#1173576). - CVE-2020-12426: Memory safety bugs fixed in Firefox 78 (bsc#1173576). - FIPS: MozillaFirefox: allow /proc/sys/crypto/fips_enabled (bsc#1167231).

Non-security issues fixed:

- Fixed interaction with freetype6 (bsc#1173613).

This update was imported from the SUSE:SLE-15:Update update project.
Family:unixClass:patch
Status:Reference(s):1166238
1172186
1173576
1173613
CVE-2020-12402
CVE-2020-12415
CVE-2020-12416
CVE-2020-12417
CVE-2020-12418
CVE-2020-12419
CVE-2020-12420
CVE-2020-12421
CVE-2020-12422
CVE-2020-12423
CVE-2020-12424
CVE-2020-12425
CVE-2020-12426
CVE-2020-8165
openSUSE-SU-2020:1017-1
openSUSE-SU-2020:1677-1
Platform(s):openSUSE Leap 15.1
Product(s):
Definition Synopsis
  • openSUSE Leap 15.1 is installed
  • AND Package Information
  • MozillaFirefox-78.0.1-lp151.2.53 is installed
  • OR MozillaFirefox-branding-upstream-78.0.1-lp151.2.53 is installed
  • OR MozillaFirefox-buildsymbols-78.0.1-lp151.2.53 is installed
  • OR MozillaFirefox-devel-78.0.1-lp151.2.53 is installed
  • OR MozillaFirefox-translations-common-78.0.1-lp151.2.53 is installed
  • OR MozillaFirefox-translations-other-78.0.1-lp151.2.53 is installed
  • BACK