Security update for MozillaFirefox

SUSE Security Update: Security update for MozillaFirefox
Announcement ID: SUSE-SU-2020:3383-1
Rating: important
References: #1178824
Cross-References:CVE-2020-15999 CVE-2020-16012 CVE-2020-26951 CVE-2020-26953 CVE-2020-26956 CVE-2020-26958 CVE-2020-26959 CVE-2020-26960 CVE-2020-26961 CVE-2020-26965 CVE-2020-26966 CVE-2020-26968
Affected Products:
  • SUSE Linux Enterprise Module for Desktop Applications 15-SP1

An update that fixes 12 vulnerabilities is now available.

Description:

This update for MozillaFirefox fixes the following issues:

  • Firefox Extended Support Release 78.5.0 ESR (bsc#1178824) * CVE-2020-26951: Parsing mismatches could confuse and bypass security sanitizer for chrome privileged code * CVE-2020-16012: Variable time processing of cross-origin images during drawImage calls * CVE-2020-26953: Fullscreen could be enabled without displaying the security UI * CVE-2020-26956: XSS through paste (manual and clipboard API) * CVE-2020-26958: Requests intercepted through ServiceWorkers lacked MIME type restrictions * CVE-2020-26959: Use-after-free in WebRequestService * CVE-2020-26960: Potential use-after-free in uses of nsTArray * CVE-2020-15999: Heap buffer overflow in freetype * CVE-2020-26961: DoH did not filter IPv4 mapped IP Addresses * CVE-2020-26965: Software keyboards may have remembered typed passwords * CVE-2020-26966: Single-word search queries were also broadcast to local network * CVE-2020-26968: Memory safety bugs fixed in Firefox 83 and Firefox ESR 78.5

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  • SUSE Linux Enterprise Module for Desktop Applications 15-SP1:
    zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP1-2020-3383=1

Package List:

  • SUSE Linux Enterprise Module for Desktop Applications 15-SP1 (aarch64 ppc64le s390x x86_64):
    • MozillaFirefox-78.5.0-3.119.1
    • MozillaFirefox-debuginfo-78.5.0-3.119.1
    • MozillaFirefox-debugsource-78.5.0-3.119.1
    • MozillaFirefox-devel-78.5.0-3.119.1
    • MozillaFirefox-translations-common-78.5.0-3.119.1
    • MozillaFirefox-translations-other-78.5.0-3.119.1

References: