SUSE-SU-2020:14359-1 -- SLES MozillaFirefox
ID: oval:org.secpod.oval:def:89000158 | Date: (C)2021-02-24 (M)2023-12-20 |
Class: PATCH | Family: unix |
This update for MozillaFirefox fixes the following issues:

- Firefox Extended Support Release 68.8.0 ESR MFSA 2020-17
  * CVE-2020-12387 Use-after-free during worker shutdown
  * CVE-2020-12388 Sandbox escape with improperly guarded Access Tokens
  * CVE-2020-12389 Sandbox escape with improperly separated process types
  * CVE-2020-6831 Buffer overflow in SCTP chunk input validation
  * CVE-2020-12392 Arbitrary local file access with "Copy as cURL"
  * CVE-2020-12393 Devtools' "Copy as cURL" feature did not fully escape website-controlled data, potentially leading to command injection
  * CVE-2020-12395 Memory safety bugs fixed in Firefox 76 and Firefox ESR 68.8
- Since firefox-gcc8 now has disabled autoreqprov for firefox-libstdc++6 and firefox-libgcc_s1, those packages don't provide some capabilities, we have to disable AutoReqProv in MozillaFirefox too so they're not added as automatic requirements
Platform: |
SUSE Linux Enterprise Server 11 SP4 |