https://bugzilla.mozilla.org/show_bug.cgi?id=1622278

https://www.mozilla.org/security/advisories/mfsa2020-13/

The remote SUSE Linux SLES11 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2020:14339-1 advisory.

  - When reading from areas partially or fully outside the source resource with WebGL's     copyTexSubImage method, the specification requires the returned values be zero. Previously,     this memory was uninitialized, leading to potentially sensitive data disclosure. This vulnerability     affects Thunderbird < 68.7.0, Firefox ESR < 68.7, and Firefox < 75. (CVE-2020-6821)

  - On 32-bit builds, an out of bounds write could have occurred when processing an image larger than 4 GB in     GMPDecodeData. It is possible that with enough effort this could have been exploited to run     arbitrary code. This vulnerability affects Thunderbird < 68.7.0, Firefox ESR < 68.7, and Firefox < 75.
    (CVE-2020-6822)

  - Mozilla developers and community members Tyson Smith and Christian Holler reported memory safety bugs     present in Firefox 74 and Firefox ESR 68.6. Some of these bugs showed evidence of memory corruption and we     presume that with enough effort some of these could have been exploited to run arbitrary code. This     vulnerability affects Thunderbird < 68.7.0, Firefox ESR < 68.7, and Firefox < 75. (CVE-2020-6825)

  - When following a link that opened an intent://-schemed URL, causing a custom tab to be opened, Firefox for     Android could be tricked into displaying the incorrect URI.  *Note: This issue only affects Firefox     for Android. Other operating systems are unaffected.*. This vulnerability affects Firefox ESR < 68.7.
    (CVE-2020-6827)

  - A malicious Android application could craft an Intent that would have been processed by Firefox for     Android and potentially result in a file overwrite in the user's profile directory. One exploitation     vector for this would be to supply a user.js file providing arbitrary malicious preference values. Control     of arbitrary preferences can lead to sufficient compromise such that it is generally equivalent to     arbitrary code execution. *Note: This issue only affects Firefox for Android. Other operating systems     are unaffected.*. This vulnerability affects Firefox ESR < 68.7. (CVE-2020-6828)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

This update for MozillaFirefox to version 68.7.0 ESR fixes the following issues :

  - CVE-2020-6821: Uninitialized memory could be read when     using the WebGL copyTexSubImage method (bsc#1168874).

  - CVE-2020-6822: Fixed out of bounds write in     GMPDecodeData when processing large images     (bsc#1168874).

  - CVE-2020-6825: Fixed Memory safety bugs (bsc#1168874).

  - CVE-2020-6827: Custom Tabs could have the URI spoofed     (bsc#1168874).

  - CVE-2020-6828: Preference overwrite via crafted Intent     (bsc#1168874).

This update was imported from the SUSE:SLE-15:Update update project.

This update for MozillaFirefox to version 68.7.0 ESR fixes the following issues :

CVE-2020-6821: Uninitialized memory could be read when using the WebGL copyTexSubImage method (bsc#1168874).

CVE-2020-6822: Fixed out of bounds write in GMPDecodeData when processing large images (bsc#1168874).

CVE-2020-6825: Fixed Memory safety bugs (bsc#1168874).

CVE-2020-6827: Custom Tabs could have the URI spoofed (bsc#1168874).

CVE-2020-6828: Preference overwrite via crafted Intent (bsc#1168874).

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

New mozilla-firefox packages are available for Slackware 14.2 and
-current to fix security issues.

The version of Firefox ESR installed on the remote Windows host is prior to 68.7. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2020-13 advisory.

  - A malicious Android application could craft an Intent     that would have been processed by Firefox for Android     and potentially result in a file overwrite in the user's     profile directory. One exploitation vector for this     would be to supply a user.js file providing arbitrary     malicious preference values. Control of arbitrary     preferences can lead to sufficient compromise such that     it is generally equivalent to arbitrary code     execution. Note: This issue only affects Firefox for     Android. Other operating systems are unaffected.
    (CVE-2020-6828)

  - When following a link that opened an intent://-schemed     URL, causing a custom tab to be opened, Firefox for     Android could be tricked into displaying the incorrect     URI.  Note: This issue only affects Firefox for     Android. Other operating systems are unaffected.
    (CVE-2020-6827)

  - When reading from areas partially or fully outside the     source resource with WebGL's     copyTexSubImage method, the specification     requires the returned values be zero. Previously, this     memory was uninitialized, leading to potentially     sensitive data disclosure. (CVE-2020-6821)

  - On 32-bit builds, an out of bounds write could have     occurred when processing an image larger than 4 GB in     GMPDecodeData. It is possible that with     enough effort this could have been exploited to run     arbitrary code. (CVE-2020-6822)

  - Mozilla developers Tyson Smith and Christian Holler     reported memory safety bugs present in Firefox 74 and     Firefox ESR 68.6. Some of these bugs showed evidence of     memory corruption and we presume that with enough effort     some of these could have been exploited to run arbitrary     code. (CVE-2020-6825)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The version of Firefox ESR installed on the remote macOS or Mac OS X host is prior to 68.7. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2020-13 advisory.

  - A malicious Android application could craft an Intent     that would have been processed by Firefox for Android     and potentially result in a file overwrite in the user's     profile directory. One exploitation vector for this     would be to supply a user.js file providing arbitrary     malicious preference values. Control of arbitrary     preferences can lead to sufficient compromise such that     it is generally equivalent to arbitrary code     execution. Note: This issue only affects Firefox for     Android. Other operating systems are unaffected.
    (CVE-2020-6828)

  - When following a link that opened an intent://-schemed     URL, causing a custom tab to be opened, Firefox for     Android could be tricked into displaying the incorrect     URI.  Note: This issue only affects Firefox for     Android. Other operating systems are unaffected.
    (CVE-2020-6827)

  - When reading from areas partially or fully outside the     source resource with WebGL's     copyTexSubImage method, the specification     requires the returned values be zero. Previously, this     memory was uninitialized, leading to potentially     sensitive data disclosure. (CVE-2020-6821)

  - On 32-bit builds, an out of bounds write could have     occurred when processing an image larger than 4 GB in     GMPDecodeData. It is possible that with     enough effort this could have been exploited to run     arbitrary code. (CVE-2020-6822)

  - Mozilla developers Tyson Smith and Christian Holler     reported memory safety bugs present in Firefox 74 and     Firefox ESR 68.6. Some of these bugs showed evidence of     memory corruption and we presume that with enough effort     some of these could have been exploited to run arbitrary     code. (CVE-2020-6825)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

ID	Name	Product	Family	Severity
150672	SUSE SLES11 Security Update : MozillaFirefox (SUSE-SU-2020:14339-1)	Nessus	SuSE Local Security Checks	critical
135446	openSUSE Security Update : MozillaFirefox (openSUSE-2020-493)	Nessus	SuSE Local Security Checks	critical
135397	SUSE SLES12 Security Update : MozillaFirefox (SUSE-SU-2020:0978-1)	Nessus	SuSE Local Security Checks	critical
135396	SUSE SLED15 / SLES15 Security Update : MozillaFirefox (SUSE-SU-2020:0971-1)	Nessus	SuSE Local Security Checks	critical
135280	Slackware 14.2 / current : mozilla-firefox (SSA:2020-098-01)	Nessus	Slackware Local Security Checks	critical
135274	Mozilla Firefox ESR < 68.7 Multiple Vulnerabilities (mfsa2020-13)	Nessus	Windows	critical
135273	Mozilla Firefox ESR < 68.7 Multiple Vulnerabilities (mfsa2020-13)	Nessus	MacOS X Local Security Checks	critical

CVE-2020-6827

medium

New! CVE Severity Now Using CVSS v3

Description

References

Details

Risk Information

CVSS v2

CVSS v3

Vulnerable Software

Configuration 1

Tenable Plugins

critical

critical

critical

critical

critical

critical

critical