[SUSE-SU-2020:2749-1] Security update for MozillaFirefox
Severity: Important
CVEs: 7
Security update for MozillaFirefox
This update for MozillaFirefox fixes the following issues:
- Firefox was updated to 78.3.0 ESR (bsc#1176756, MFSA 2020-43)
  - CVE-2020-15677: Download origin spoofing via redirect
  - CVE-2020-15676: Fixed an XSS when pasting attacker-controlled data into a contenteditable element
  - CVE-2020-15678: When recursing through layers while scrolling, an iterator may have become invalid, resulting in a potential use-after-free scenario
  - CVE-2020-15673: Fixed memory safety bugs
- Enhance fix for wayland-detection (bsc#1174420)
- Attempt to fix langpack-parallelization by introducing separate obj-dirs for each lang (bsc#1173986, bsc#1167976)
- Firefox was updated to 78.2.0 ESR (bsc#1175686, MFSA 2020-38)
  - CVE-2020-15663: Downgrade attack on the Mozilla Maintenance Service could have resulted in escalation of privilege
  - CVE-2020-15664: Attacker-induced prompt for extension installation
  - CVE-2020-15670: Memory safety bugs fixed in Firefox 80 and Firefox ESR 78.2
- Fixed Firefox tab crash in FIPS mode (bsc#1174284)
- Fixed broken translation-loading (bsc#1173991)
  - allow addon sideloading
  - mark signatures for langpacks non-mandatory
  - do not autodisable user profile scopes
- Google API key is not usable for geolocation service any more
- ID: SUSE-SU-2020:2749-1
- Severity: important
- URL: https://www.suse.com/support/update/announcement/2020/suse-su-20202749-1/
- Published: 2020-09-25T09:10:38
- Modified: 2020-09-25T09:10:38
- Rights: Copyright 2024 SUSE LLC. All rights reserved.
- Other Advisories:
- ALAS2-2020-1496
- ALAS2-2020-1572
- ALPINE:CVE-2020-15663
- ALPINE:CVE-2020-15664
- ALPINE:CVE-2020-15670
- ALPINE:CVE-2020-15673
- ALPINE:CVE-2020-15676
- ALPINE:CVE-2020-15677
- ALPINE:CVE-2020-15678
- ASA-202009-10
- DSA-4749-1
- DSA-4754-1
- DSA-4768-1
- DSA-4770-1
- ELSA-2020-3556
- ELSA-2020-3557
- ELSA-2020-3558
- ELSA-2020-3631
- ELSA-2020-3634
- ELSA-2020-3643
- ELSA-2020-3832
- ELSA-2020-3835
- ELSA-2020-4080
- ELSA-2020-4155
- ELSA-2020-4158
- ELSA-2020-4163
- GLSA-202008-16
- GLSA-202010-02
- MFSA-2020-36
- MFSA-2020-37
- MFSA-2020-38
- MFSA-2020-39
- MFSA-2020-40
- MFSA-2020-41
- MFSA-2020-42
- MFSA-2020-43
- MFSA-2020-44
- openSUSE-SU-2020:1383-1
- openSUSE-SU-2020:1384-1
- openSUSE-SU-2020:1391-1
- openSUSE-SU-2020:1392-1
- openSUSE-SU-2020:1555-1
- openSUSE-SU-2020:1574-1
- openSUSE-SU-2020:1780-1
- openSUSE-SU-2020:1785-1
- RHSA-2020:3556
- RHSA-2020:3557
- RHSA-2020:3558
- RHSA-2020:3631
- RHSA-2020:3634
- RHSA-2020:3643
- RHSA-2020:3832
- RHSA-2020:3835
- RHSA-2020:4080
- RHSA-2020:4155
- RHSA-2020:4158
- RHSA-2020:4163
- SSA:2020-256-01
- SUSE-SU-2020:2544-1
- SUSE-SU-2020:2552-1
- SUSE-SU-2020:2563-1
- SUSE-SU-2020:2747-1
- SUSE-SU-2020:2759-1
- SUSE-SU-2020:3091-1
- USN-4474-1
- USN-4546-1