Firefox rolled out the latest stable version, Firefox 75.0, and its corresponding ESR version, Firefox ESR 68.7, to fix a number of vulnerabilities found in earlier versions. Here is the list of CVEs fixed and their details:
CVE ID | Severity | Vulnerability Description | Fixed in |
CVE-2020-6828 | High | Preference overwrite via crafted Intent from malicious Android application | Firefox ESR 68.7 |
CVE-2020-6827 | High | Custom Tabs in Firefox for Android could have the URI spoofed | Firefox ESR 68.7 |
CVE-2020-6821 | High | Uninitialized memory could be read when using the WebGL copyTexSubImage method | Firefox ESR 68.7 |
CVE-2020-6822 | Moderate | Out of bounds write in GMPDecodeData when processing large images | Firefox ESR 68.7 |
CVE-2020-6825 | High | Memory safety bugs fixed in Firefox 75 and Firefox ESR 68.7 | Firefox ESR 68.7 |
CVE-2020-6821 | High | Uninitialized memory could be read when using the WebGL copyTexSubImage method | Firefox 75.0 |
CVE-2020-6822 | Moderate | Out of bounds write in GMPDecodeData when processing large images | Firefox 75.0 |
CVE-2020-6823 | Moderate | Malicious Extension could obtain auth codes from OAuth login flows | Firefox 75.0 |
CVE-2020-6824 | Moderate | Generated passwords may be identical on the same site between separate private browsing sessions | Firefox 75.0 |
CVE-2020-6825 | High | Memory safety bugs fixed in Firefox 75 and Firefox ESR 68.7 | Firefox 75.0 |
CVE-2020-6826 | High | Memory safety bugs fixed in Firefox 75 | Firefox 75.0 |
Resolution:
To fix these vulnerabilities, search for the Patch IDs or Bulletin IDs listed below in the console and deploy them to the machines that are missing them.
Patch ID | Bulletin ID | Patch Description |
313682 | TU-027 | Mozilla Firefox (75.0) |
313683 | TU-027 | Mozilla Firefox (x64) (75.0) |
313684 | TU-054 | Mozilla Firefox ESR (68.7.0) |
313685 | TU-054 | Mozilla Firefox ESR (x64) (68.7.0) |