https://bugzilla.mozilla.org/show_bug.cgi?id=1661365

https://www.mozilla.org/security/advisories/mfsa2020-54/

https://www.mozilla.org/security/advisories/mfsa2020-55/

https://www.mozilla.org/security/advisories/mfsa2020-56/

The remote SUSE Linux SLES11 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2020:14584-1 advisory.

  - Uninitialized Use in V8 in Google Chrome prior to 87.0.4280.88 allowed a remote attacker to obtain     potentially sensitive information from process memory via a crafted HTML page. (CVE-2020-16042)

  - Certain blit values provided by the user were not properly constrained leading to a heap buffer overflow     on some video drivers. This vulnerability affects Firefox < 84, Thunderbird < 78.6, and Firefox ESR <     78.6. (CVE-2020-26971)

  - Certain input to the CSS Sanitizer confused it, resulting in incorrect components being removed. This     could have been used as a sanitizer bypass. This vulnerability affects Firefox < 84, Thunderbird < 78.6,     and Firefox ESR < 78.6. (CVE-2020-26973)

  - When flex-basis was used on a table wrapper, a StyleGenericFlexBasis object could have been incorrectly     cast to the wrong type. This resulted in a heap user-after-free, memory corruption, and a potentially     exploitable crash. This vulnerability affects Firefox < 84, Thunderbird < 78.6, and Firefox ESR < 78.6.
    (CVE-2020-26974)

  - Using techniques that built on the slipstream research, a malicious webpage could have exposed both an     internal network's hosts as well as services running on the user's local machine. This vulnerability     affects Firefox < 84, Thunderbird < 78.6, and Firefox ESR < 78.6. (CVE-2020-26978)

  - When an extension with the proxy permission registered to receive , the proxy.onRequest callback     was not triggered for view-source URLs. While web content cannot navigate to such URLs, a user opening     View Source could have inadvertently leaked their IP address. This vulnerability affects Firefox < 84,     Thunderbird < 78.6, and Firefox ESR < 78.6. (CVE-2020-35111)

  - If a user downloaded a file lacking an extension on Windows, and then Open-ed it from the downloads     panel, if there was an executable file in the downloads directory with the same name but with an     executable extension (such as .bat or .exe) that executable would have been launched instead. *Note: This     issue only affected Windows operating systems. Other operating systems are unaffected.*. This     vulnerability affects Firefox < 84, Thunderbird < 78.6, and Firefox ESR < 78.6. (CVE-2020-35112)

  - Mozilla developers reported memory safety bugs present in Firefox 83 and Firefox ESR 78.5. Some of these     bugs showed evidence of memory corruption and we presume that with enough effort some of these could have     been exploited to run arbitrary code. This vulnerability affects Firefox < 84, Thunderbird < 78.6, and     Firefox ESR < 78.6. (CVE-2020-35113)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

This update for MozillaFirefox fixes the following issues :

  - Firefox Extended Support Release 78.6.0 ESR

  - Fixed: Various stability, functionality, and security     fixes MFSA 2020-55 (bsc#1180039)

  - CVE-2020-16042 (bmo#1679003) Operations on a BigInt     could have caused uninitialized memory to be exposed

  - CVE-2020-26971 (bmo#1663466) Heap buffer overflow in     WebGL

  - CVE-2020-26973 (bmo#1680084) CSS Sanitizer performed     incorrect sanitization

  - CVE-2020-26974 (bmo#1681022) Incorrect cast of     StyleGenericFlexBasis resulted in a heap use-after-free

  - CVE-2020-26978 (bmo#1677047) Internal network hosts     could have been probed by a malicious webpage

  - CVE-2020-35111 (bmo#1657916) The proxy.onRequest API did     not catch view-source URLs

  - CVE-2020-35112 (bmo#1661365) Opening an extension-less     download may have inadvertently launched an executable     instead

  - CVE-2020-35113 (bmo#1664831, bmo#1673589) Memory safety     bugs fixed in Firefox 84 and Firefox ESR 78.6

This update was imported from the SUSE:SLE-15:Update update project.

This update for MozillaThunderbird fixes the following issues :

  - Mozilla Thunderbird 78.6

  - new: MailExtensions: Added     browser.windows.openDefaultBrowser() (bmo#1664708)

  - changed: Thunderbird now only shows quota exceeded     indications on the main window (bmo#1671748)

  - changed: MailExtensions: menus API enabled in messages     being composed (bmo#1670832)

  - changed: MailExtensions: Honor allowScriptsToClose     argument in windows.create API function (bmo#1675940)

  - changed: MailExtensions: APIs that returned an accountId     will reflect the account the message belongs to, not     what is stored in message headers (bmo#1644032)

  - fixed: Keyboard shortcut for toggling message 'read'     status not shown in menus (bmo#1619248)

  - fixed: OpenPGP: After importing a secret key, Key     Manager displayed properties of the wrong key     (bmo#1667054)

  - fixed: OpenPGP: Inline PGP parsing improvements     (bmo#1660041)

  - fixed: OpenPGP: Discovering keys online via Key Manager     sometimes failed on Linux (bmo#1634053)

  - fixed: OpenPGP: Encrypted attachment 'Decrypt and     Open/Save As' did not work (bmo#1663169)

  - fixed: OpenPGP: Importing keys failed on macOS     (bmo#1680757)

  - fixed: OpenPGP: Verification of clear signed UTF-8 text     failed (bmo#1679756)

  - fixed: Address book: Some columns incorrectly displayed     no data (bmo#1631201)

  - fixed: Address book: The address book view did not     update after changing the name format in the menu     (bmo#1678555)

  - fixed: Calendar: Could not import an ICS file into a     CalDAV calendar (bmo#1652984)

  - fixed: Calendar: Two 'Home' calendars were visible on a     new profile (bmo#1656782)

  - fixed: Calendar: Dark theme was incomplete on Linux     (bmo#1655543)

  - fixed: Dark theme did not apply to new mail notification     popups (bmo#1681083)

  - fixed: Folder icon, message list, and contact side bar     visual improvements (bmo#1679436)

  - fixed: MailExtensions: HTTP refresh in browser content     tabs did not work (bmo#1667774)

  - fixed: MailExtensions: messageDisplayScripts failed to     run in main window (bmo#1674932)

  - fixed: Various security fixes MFSA 2020-56 (bsc#1180039)

  - CVE-2020-16042 (bmo#1679003) Operations on a BigInt     could have caused uninitialized memory to be exposed

  - CVE-2020-26971 (bmo#1663466) Heap buffer overflow in     WebGL

  - CVE-2020-26973 (bmo#1680084) CSS Sanitizer performed     incorrect sanitization

  - CVE-2020-26974 (bmo#1681022) Incorrect cast of     StyleGenericFlexBasis resulted in a heap use-after-free

  - CVE-2020-26978 (bmo#1677047) Internal network hosts     could have been probed by a malicious webpage

  - CVE-2020-35111 (bmo#1657916) The proxy.onRequest API did     not catch view-source URLs

  - CVE-2020-35112 (bmo#1661365) Opening an extension-less     download may have inadvertently launched an executable     instead

  - CVE-2020-35113 (bmo#1664831, bmo#1673589) Memory safety     bugs fixed in Thunderbird 78.6

This update was imported from the SUSE:SLE-15:Update update project.

This update for MozillaFirefox fixes the following issues :

Firefox Extended Support Release 78.6.0 ESR

  - Fixed: Various stability, functionality, and security     fixes MFSA 2020-55 (bsc#1180039)

  - CVE-2020-16042 (bmo#1679003) Operations on a BigInt     could have caused uninitialized memory to be exposed

  - CVE-2020-26971 (bmo#1663466) Heap buffer overflow in     WebGL

  - CVE-2020-26973 (bmo#1680084) CSS Sanitizer performed     incorrect sanitization

  - CVE-2020-26974 (bmo#1681022) Incorrect cast of     StyleGenericFlexBasis resulted in a heap use-after-free

  - CVE-2020-26978 (bmo#1677047) Internal network hosts     could have been probed by a malicious webpage

  - CVE-2020-35111 (bmo#1657916) The proxy.onRequest API did     not catch view-source URLs

  - CVE-2020-35112 (bmo#1661365) Opening an extension-less     download may have inadvertently launched an executable     instead

  - CVE-2020-35113 (bmo#1664831, bmo#1673589) Memory safety     bugs fixed in Firefox 84 and Firefox ESR 78.6

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

The version of Thunderbird installed on the remote macOS or Mac OS X host is prior to 78.6. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2020-56 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The version of Thunderbird installed on the remote Windows host is prior to 78.6. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2020-56 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The version of Firefox installed on the remote macOS or Mac OS X host is prior to 84.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2020-54 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The version of Firefox installed on the remote Windows host is prior to 84.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2020-54 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The version of Firefox ESR installed on the remote Windows host is prior to 78.6. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2020-55 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The version of Firefox ESR installed on the remote macOS or Mac OS X host is prior to 78.6. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2020-55 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

ID	Name	Product	Family	Severity
150596	SUSE SLES11 Security Update : MozillaFirefox (SUSE-SU-2020:14584-1)	Nessus	SuSE Local Security Checks	high
145372	openSUSE Security Update : MozillaFirefox (openSUSE-2020-2318)	Nessus	SuSE Local Security Checks	high
145362	openSUSE Security Update : MozillaThunderbird (openSUSE-2020-2317)	Nessus	SuSE Local Security Checks	high
145332	openSUSE Security Update : MozillaThunderbird (openSUSE-2020-2324)	Nessus	SuSE Local Security Checks	high
145294	openSUSE Security Update : MozillaFirefox (openSUSE-2020-2325)	Nessus	SuSE Local Security Checks	high
144575	SUSE SLES12 Security Update : MozillaFirefox (SUSE-SU-2020:3903-1)	Nessus	SuSE Local Security Checks	high
144571	SUSE SLED15 / SLES15 Security Update : MozillaFirefox (SUSE-SU-2020:3902-1)	Nessus	SuSE Local Security Checks	high
144532	SUSE SLED15 / SLES15 Security Update : MozillaFirefox (SUSE-SU-2020:3901-1)	Nessus	SuSE Local Security Checks	high
144285	Mozilla Thunderbird < 78.6	Nessus	MacOS X Local Security Checks	high
144284	Mozilla Thunderbird < 78.6	Nessus	Windows	high
144283	Mozilla Firefox < 84.0	Nessus	MacOS X Local Security Checks	critical
144282	Mozilla Firefox < 84.0	Nessus	Windows	critical
144278	Mozilla Firefox ESR < 78.6	Nessus	Windows	high
144277	Mozilla Firefox ESR < 78.6	Nessus	MacOS X Local Security Checks	high

CVE-2020-35112

high

New! CVE Severity Now Using CVSS v3

Description

References

Details

Risk Information

CVSS v2

CVSS v3

Vulnerable Software

Configuration 1

Tenable Plugins

high

high

high

high

high

high

high

high

high

high

critical

critical

high

high