Synopsis: Important: firefox security and bug fix update
Advisory ID: SLSA-2020:4080-1
Issue Date: 2020-10-01
CVE Numbers: CVE-2020-15677
CVE-2020-12425
CVE-2020-15673
CVE-2020-12424
CVE-2020-15658
CVE-2020-15656
CVE-2020-15648
CVE-2020-12422
CVE-2020-15653
CVE-2020-15678
CVE-2020-15654
CVE-2020-15676
—
Security Fix(es):
* Mozilla: Memory safety bugs fixed in Firefox 81 and Firefox ESR 78.3
(CVE-2020-15673)
* Mozilla: Integer overflow in nsJPEGEncoder::emptyOutputBuffer
(CVE-2020-12422)
* Mozilla: X-Frame-Options bypass using object or embed tags
(CVE-2020-15648)
* Mozilla: Bypassing iframe sandbox when allowing popups (CVE-2020-15653)
* Mozilla: Type confusion for special arguments in IonMonkey
(CVE-2020-15656)
* Mozilla: XSS when pasting attacker-controlled data into a contenteditable
element (CVE-2020-15676)
* Mozilla: Download origin spoofing via redirect (CVE-2020-15677)
* Mozilla: When recursing through layers while scrolling, an iterator may
have become invalid, resulting in a potential use-after-free scenario
(CVE-2020-15678)
* Mozilla: WebRTC permission prompt could have been bypassed by a
compromised content process (CVE-2020-12424)
* Mozilla: Out of bound read in Date.parse() (CVE-2020-12425)
* Mozilla: Custom cursor can overlay user interface (CVE-2020-15654)
* Mozilla: Overriding file type when saving to disk (CVE-2020-15658)
—
SL7
x86_64
firefox-78.3.0-1.el7_9.x86_64.rpm
firefox-debuginfo-78.3.0-1.el7_9.x86_64.rpm
firefox-78.3.0-1.el7_9.i686.rpm
– Scientific Linux Development Team
