Security update for MozillaFirefox

SUSE Security Update: Security update for MozillaFirefox
Announcement ID: SUSE-SU-2020:14489-1
Rating: moderate
References: #1174284 #1175686
Cross-References: CVE-2020-15663 CVE-2020-15664 CVE-2020-15670
Affected Products:
  • SUSE Linux Enterprise Server 11-SP4-LTSS
  • SUSE Linux Enterprise Debuginfo 11-SP4

An update that fixes three vulnerabilities is now available.

Description:

This update for MozillaFirefox fixes the following issues:

  • Firefox Extended Support Release 78.2.0 ESR
    • Fixed: Various stability, functionality, and security fixes
  • Mozilla Firefox ESR 78.2 MFSA 2020-38 (bsc#1175686)
    • CVE-2020-15663 (bmo#1643199) Downgrade attack on the Mozilla Maintenance Service could have resulted in escalation of privilege
    • CVE-2020-15664 (bmo#1658214) Attacker-induced prompt for extension installation
    • CVE-2020-15670 (bmo#1651001, bmo#1651449, bmo#1653626, bmo#1656957) Memory safety bugs fixed in Firefox 80 and Firefox ESR 78.2

  • Fixed Firefox tab crash in FIPS mode (bsc#1174284).

Patch Instructions:

To install this SUSE Security Update, use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively, you can run the command listed for your product:

  • SUSE Linux Enterprise Server 11-SP4-LTSS:
    zypper in -t patch slessp4-MozillaFirefox-14489=1
  • SUSE Linux Enterprise Debuginfo 11-SP4:
    zypper in -t patch dbgsp4-MozillaFirefox-14489=1

Package List:

  • SUSE Linux Enterprise Server 11-SP4-LTSS (x86_64):
    • MozillaFirefox-78.2.0-78.90.2
    • MozillaFirefox-translations-common-78.2.0-78.90.2
    • MozillaFirefox-translations-other-78.2.0-78.90.2
  • SUSE Linux Enterprise Debuginfo 11-SP4 (x86_64):
    • MozillaFirefox-debuginfo-78.2.0-78.90.2
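
To confirm the update has landed, the installed packages can be compared against the fixed version in the Package List above. The script below is an added example, not part of the SUSE announcement: the function names and sample inventories are constructed, and it assumes a `sort` that supports `-V`, used here as an approximation of rpm's own version ordering.

```shell
#!/bin/sh
# Added example: check installed packages against the fixed version in this advisory.
FIXED="78.2.0-78.90.2"   # version-release from the Package List
PKGS="MozillaFirefox MozillaFirefox-translations-common MozillaFirefox-translations-other"

# Constructed sample inventories ("name version-release" per line), not real host output.
SAMPLE_PATCHED="MozillaFirefox 78.2.0-78.90.2
MozillaFirefox-translations-common 78.2.0-78.90.2
MozillaFirefox-translations-other 78.2.0-78.90.2"
SAMPLE_STALE="MozillaFirefox 78.1.0-78.87.1
MozillaFirefox-translations-common 78.2.0-78.90.2
package MozillaFirefox-translations-other is not installed"

# ver_ge A B: succeed when version-release A is at or above B.
# Assumption: sort -V ordering stands in for rpm's own comparison.
ver_ge() {
    [ "$1" = "$2" ] && return 0
    lowest=$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)
    [ "$lowest" = "$2" ]
}

# check_inventory: read inventory lines on stdin, report each advisory package,
# and return non-zero if any installed package is older than FIXED.
check_inventory() {
    rc=0
    inventory=$(cat)
    for pkg in $PKGS; do
        inst=$(printf '%s\n' "$inventory" | awk -v p="$pkg" '$1 == p { print $2; exit }')
        if [ -z "$inst" ]; then
            echo "SKIP $pkg not installed"
        elif ver_ge "$inst" "$FIXED"; then
            echo "OK $pkg $inst"
        else
            echo "OUTDATED $pkg $inst < $FIXED"
            rc=1
        fi
    done
    return $rc
}

# On a real host, feed it rpm's output:
#   rpm -q --qf '%{NAME} %{VERSION}-%{RELEASE}\n' $PKGS | check_inventory
printf '%s\n' "$SAMPLE_PATCHED" | check_inventory
```

A non-zero exit status means at least one installed package is still below the fixed version and the patch command for the product should be re-run.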
