Firefox 75 and Firefox ESR 68.7 fix high severity vulnerabilities

Firefox has rolled out its latest stable version, Firefox 75.0, and the corresponding ESR version, Firefox ESR 68.7, to fix a number of vulnerabilities found in earlier versions. Here is the list of CVEs fixed and their details:

 

| CVE ID | Severity | Vulnerability Description | Fixed in |
|---|---|---|---|
| CVE-2020-6828 | High | Preference overwrite via crafted Intent from malicious Android application | Firefox ESR 68.7 |
| CVE-2020-6827 | High | Custom Tabs in Firefox for Android could have the URI spoofed | Firefox ESR 68.7 |
| CVE-2020-6821 | High | Uninitialized memory could be read when using the WebGL copyTexSubImage method | Firefox ESR 68.7 |
| CVE-2020-6822 | Moderate | Out of bounds write in GMPDecodeData when processing large images | Firefox ESR 68.7 |
| CVE-2020-6825 | High | Memory safety bugs fixed in Firefox 75 and Firefox ESR 68.7 | Firefox ESR 68.7 |
| CVE-2020-6821 | High | Uninitialized memory could be read when using the WebGL copyTexSubImage method | Firefox 75.0 |
| CVE-2020-6822 | Moderate | Out of bounds write in GMPDecodeData when processing large images | Firefox 75.0 |
| CVE-2020-6823 | Moderate | Malicious Extension could obtain auth codes from OAuth login flows | Firefox 75.0 |
| CVE-2020-6824 | Moderate | Generated passwords may be identical on the same site between separate private browsing sessions | Firefox 75.0 |
| CVE-2020-6825 | High | Memory safety bugs fixed in Firefox 75 and Firefox ESR 68.7 | Firefox 75.0 |
| CVE-2020-6826 | High | Memory safety bugs fixed in Firefox 75 | Firefox 75.0 |


Resolution:

To fix these vulnerabilities, search for the Patch IDs or Bulletin IDs listed below in the console and deploy the patches to the machines that are missing them.

 

| Patch ID | Bulletin ID | Patch Description |
|---|---|---|
| 313682 | TU-027 | Mozilla Firefox (75.0) |
| 313683 | TU-027 | Mozilla Firefox (x64) (75.0) |
| 313684 | TU-054 | Mozilla Firefox ESR (68.7.0) |
| 313685 | TU-054 | Mozilla Firefox ESR (x64) (68.7.0) |

