The 'Copy as cURL' feature of Devtools' network tab did not properly escape the HTTP method of a request, which can be controlled by the website. If a user used the 'Copy as cURL' feature and pasted the command into a terminal, it could have resulted in command injection and arbitrary command execution. *Note: this issue only affects Firefox on Windows operating systems.*. This vulnerability affects Firefox ESR < 68.8, Firefox < 76, and Thunderbird < 68.8.0.

The remote SUSE Linux SLES11 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2020:14359-1 advisory.

  - A race condition when running shutdown code for Web Worker led to a use-after-free vulnerability. This     resulted in a potentially exploitable crash. This vulnerability affects Firefox ESR < 68.8, Firefox < 76,     and Thunderbird < 68.8.0. (CVE-2020-12387)

  - The Firefox content processes did not sufficiently lockdown access control which could result in a sandbox     escape. *Note: this issue only affects Firefox on Windows operating systems.*. This vulnerability affects     Firefox ESR < 68.8 and Firefox < 76. (CVE-2020-12388, CVE-2020-12389)

  - The 'Copy as cURL' feature of Devtools' network tab did not properly escape the HTTP POST data of a     request, which can be controlled by the website. If a user used the 'Copy as cURL' feature and pasted the     command into a terminal, it could have resulted in the disclosure of local files. This vulnerability     affects Firefox ESR < 68.8, Firefox < 76, and Thunderbird < 68.8.0. (CVE-2020-12392)

  - The 'Copy as cURL' feature of Devtools' network tab did not properly escape the HTTP method of a request,     which can be controlled by the website. If a user used the 'Copy as cURL' feature and pasted the command     into a terminal, it could have resulted in command injection and arbitrary command execution. *Note: this     issue only affects Firefox on Windows operating systems.*. This vulnerability affects Firefox ESR < 68.8,     Firefox < 76, and Thunderbird < 68.8.0. (CVE-2020-12393)

  - Mozilla developers and community members reported memory safety bugs present in Firefox 75 and Firefox ESR     68.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some     of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 68.8,     Firefox < 76, and Thunderbird < 68.8.0. (CVE-2020-12395)

  - A buffer overflow could occur when parsing and validating SCTP chunks in WebRTC. This could have led to     memory corruption and a potentially exploitable crash. This vulnerability affects Firefox ESR < 68.8,     Firefox < 76, and Thunderbird < 68.8.0. (CVE-2020-6831)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

This update for MozillaThunderbird fixes the following issues :

Update to 68.8.0 ESR MFSA 2020-18 (bsc#1171186)

  - CVE-2020-12397 (bmo#1617370) Sender Email Address     Spoofing using encoded Unicode characters

  - CVE-2020-12387 (bmo#1545345) Use-after-free during     worker shutdown

  - CVE-2020-6831 (bmo#1632241) Buffer overflow in SCTP     chunk input validation

  - CVE-2020-12392 (bmo#1614468) Arbitrary local file access     with 'Copy as cURL'

  - CVE-2020-12393 (bmo#1615471) Devtools' 'Copy as cURL'     feature did not fully escape website-controlled data,     potentially leading to command injection

  - CVE-2020-12395 (bmo#1595886, bmo#1611482, bmo#1614704,     bmo#1624098, bmo#1625749, bmo#1626382, bmo#1628076,     bmo#1631508) Memory safety bugs fixed in Thunderbird     68.8.0

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

This update for MozillaFirefox fixes the following issues :

Update to version 68.8.0 ESR (bsc#1171186) :

CVE-2020-12387: Use-after-free during worker shutdown

CVE-2020-12388: Sandbox escape with improperly guarded Access Tokens

CVE-2020-12389: Sandbox escape with improperly separated process types

CVE-2020-6831: Buffer overflow in SCTP chunk input validation

CVE-2020-12392: Arbitrary local file access with 'Copy as cURL'

CVE-2020-12393: Devtools' 'Copy as cURL' feature did not fully escape website-controlled data, potentially leading to command injection

CVE-2020-12395: Memory safety bugs fixed in Firefox 76 and Firefox ESR 68.8

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

This update for MozillaThunderbird fixes the following issues :

  - Update to 68.8.0 ESR MFSA 2020-18 (bsc#1171186)

  - CVE-2020-12397 (bmo#1617370) Sender Email Address     Spoofing using encoded Unicode characters

  - CVE-2020-12387 (bmo#1545345) Use-after-free during     worker shutdown

  - CVE-2020-6831 (bmo#1632241) Buffer overflow in SCTP     chunk input validation

  - CVE-2020-12392 (bmo#1614468) Arbitrary local file access     with 'Copy as cURL'

  - CVE-2020-12393 (bmo#1615471) Devtools' 'Copy as cURL'     feature did not fully escape website-controlled data,     potentially leading to command injection

  - CVE-2020-12395 (bmo#1595886, bmo#1611482, bmo#1614704,     bmo#1624098, bmo#1625749, bmo#1626382, bmo#1628076,     bmo#1631508) Memory safety bugs fixed in Thunderbird     68.8.0

This update was imported from the SUSE:SLE-15:Update update project.

This update for MozillaFirefox fixes the following issues :

Update to version 68.8.0 ESR (bsc#1171186) :

  - CVE-2020-12387: Use-after-free during worker shutdown

  - CVE-2020-12388: Sandbox escape with improperly guarded     Access Tokens

  - CVE-2020-12389: Sandbox escape with improperly separated     process types

  - CVE-2020-6831: Buffer overflow in SCTP chunk input     validation

  - CVE-2020-12392: Arbitrary local file access with 'Copy     as cURL'

  - CVE-2020-12393: Devtools' 'Copy as cURL' feature did not     fully escape website-controlled data, potentially     leading to command injection

  - CVE-2020-12395: Memory safety bugs fixed in Firefox 76     and Firefox ESR 68.8

This update was imported from the SUSE:SLE-15:Update update project.

The version of Firefox installed on the remote Windows host is prior to 76.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2020-16 advisory.

  - A race condition when running shutdown code for Web     Worker led to a use-after-free vulnerability. This     resulted in a potentially exploitable crash.
    (CVE-2020-12387)

  - The Firefox content processes did not sufficiently     lockdown access control which could result in a sandbox     escape.Note: this issue only affects Firefox on     Windows operating systems. (CVE-2020-12388,     CVE-2020-12389)

  - A buffer overflow could occur when parsing and     validating SCTP chunks in WebRTC. This could have led to     memory corruption and a potentially exploitable crash.
    (CVE-2020-6831)

  - Incorrect origin serialization of URLs with IPv6     addresses could lead to incorrect security checks     (CVE-2020-12390)

  - Documents formed using data: URLs in an     object element failed to inherit the CSP of     the creating context. This allowed the execution of     scripts that should have been blocked, albeit with a     unique opaque origin. (CVE-2020-12391)

  - The 'Copy as cURL' feature of Devtools' network tab did     not properly escape the HTTP POST data of a request,     which can be controlled by the website. If a user used     the 'Copy as cURL' feature and pasted the command into a     terminal, it could have resulted in the disclosure of     local files. (CVE-2020-12392)

  - The 'Copy as cURL' feature of Devtools' network tab did     not properly escape the HTTP method of a request, which     can be controlled by the website. If a user used the     'Copy as cURL' feature and pasted the command into a     terminal, it could have resulted in command injection     and arbitrary command execution.Note: this issue     only affects Firefox on Windows operating systems.
    (CVE-2020-12393)

  - A logic flaw in our location bar implementation could     have allowed a local attacker to spoof the current     location by selecting a different origin and removing     focus from the input element. (CVE-2020-12394)

  - Mozilla developers and community members Alexandru     Michis, Jason Kratzer, philipp, Ted Campbell, Bas     Schouten, Andr Bargull, and Karl Tomlinson reported     memory safety bugs present in Firefox 75 and Firefox ESR     68.7. Some of these bugs showed evidence of memory     corruption and we presume that with enough effort some     of these could have been exploited to run arbitrary     code. (CVE-2020-12395)

  - Mozilla developers and community members Frederik Braun,     Andrew McCreight, C.M.Chang, and Dan Minor reported     memory safety bugs present in Firefox 75. Some of these     bugs showed evidence of memory corruption and we presume     that with enough effort some of these could have been     exploited to run arbitrary code. (CVE-2020-12396)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The version of Firefox installed on the remote macOS or Mac OS X host is prior to 76.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2020-16 advisory.

  - A race condition when running shutdown code for Web     Worker led to a use-after-free vulnerability. This     resulted in a potentially exploitable crash.
    (CVE-2020-12387)

  - The Firefox content processes did not sufficiently     lockdown access control which could result in a sandbox     escape.Note: this issue only affects Firefox on     Windows operating systems. (CVE-2020-12388,     CVE-2020-12389)

  - A buffer overflow could occur when parsing and     validating SCTP chunks in WebRTC. This could have led to     memory corruption and a potentially exploitable crash.
    (CVE-2020-6831)

  - Incorrect origin serialization of URLs with IPv6     addresses could lead to incorrect security checks     (CVE-2020-12390)

  - Documents formed using data: URLs in an     object element failed to inherit the CSP of     the creating context. This allowed the execution of     scripts that should have been blocked, albeit with a     unique opaque origin. (CVE-2020-12391)

  - The 'Copy as cURL' feature of Devtools' network tab did     not properly escape the HTTP POST data of a request,     which can be controlled by the website. If a user used     the 'Copy as cURL' feature and pasted the command into a     terminal, it could have resulted in the disclosure of     local files. (CVE-2020-12392)

  - The 'Copy as cURL' feature of Devtools' network tab did     not properly escape the HTTP method of a request, which     can be controlled by the website. If a user used the     'Copy as cURL' feature and pasted the command into a     terminal, it could have resulted in command injection     and arbitrary command execution.Note: this issue     only affects Firefox on Windows operating systems.
    (CVE-2020-12393)

  - A logic flaw in our location bar implementation could     have allowed a local attacker to spoof the current     location by selecting a different origin and removing     focus from the input element. (CVE-2020-12394)

  - Mozilla developers and community members Alexandru     Michis, Jason Kratzer, philipp, Ted Campbell, Bas     Schouten, Andr Bargull, and Karl Tomlinson reported     memory safety bugs present in Firefox 75 and Firefox ESR     68.7. Some of these bugs showed evidence of memory     corruption and we presume that with enough effort some     of these could have been exploited to run arbitrary     code. (CVE-2020-12395)

  - Mozilla developers and community members Frederik Braun,     Andrew McCreight, C.M.Chang, and Dan Minor reported     memory safety bugs present in Firefox 75. Some of these     bugs showed evidence of memory corruption and we presume     that with enough effort some of these could have been     exploited to run arbitrary code. (CVE-2020-12396)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

New mozilla-firefox packages are available for Slackware 14.2 and
-current to fix security issues.

The version of Thunderbird installed on the remote Windows host is prior to 68.8.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2020-18 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The version of Thunderbird installed on the remote macOS or Mac OS X host is prior to 68.8.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2020-18 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The version of Firefox ESR installed on the remote Windows host is prior to 68.8. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2020-17 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The version of Firefox ESR installed on the remote macOS or Mac OS X host is prior to 68.8. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2020-17 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

ID	Name	Product	Family	Severity
150555	SUSE SLES11 Security Update : MozillaFirefox (SUSE-SU-2020:14359-1)	Nessus	SuSE Local Security Checks	critical
136658	SUSE SLED15 / SLES15 Security Update : MozillaThunderbird (SUSE-SU-2020:1225-1)	Nessus	SuSE Local Security Checks	critical
136654	SUSE SLES12 Security Update : MozillaFirefox (SUSE-SU-2020:1218-1)	Nessus	SuSE Local Security Checks	critical
136649	SUSE SLED15 / SLES15 Security Update : MozillaFirefox (SUSE-SU-2020:1209-1)	Nessus	SuSE Local Security Checks	critical
136461	openSUSE Security Update : MozillaThunderbird (openSUSE-2020-643)	Nessus	SuSE Local Security Checks	critical
136450	openSUSE Security Update : MozillaFirefox (openSUSE-2020-621)	Nessus	SuSE Local Security Checks	critical
136404	Mozilla Firefox < 76.0	Nessus	Windows	critical
136403	Mozilla Firefox < 76.0	Nessus	MacOS X Local Security Checks	critical
136392	Slackware 14.2 / current : mozilla-firefox (SSA:2020-126-01)	Nessus	Slackware Local Security Checks	critical
136359	Mozilla Thunderbird < 68.8.0	Nessus	Windows	critical
136358	Mozilla Thunderbird < 68.8.0	Nessus	MacOS X Local Security Checks	critical
136357	Mozilla Firefox ESR < 68.8	Nessus	Windows	critical
136356	Mozilla Firefox ESR < 68.8	Nessus	MacOS X Local Security Checks	critical

Detections

Analytics

CVE-2020-12393

high

Tenable Plugins

critical

critical

critical

critical

critical

critical

critical

critical

critical

critical

critical

critical

critical