Hello everyone,
Mozilla has released fixes for several security vulnerabilities in Firefox 76. Below are the details of the vulnerabilities fixed.
CVE ID | Vulnerability | Severity |
CVE-2020-12387 | Use-after-free during worker shutdown | Critical |
CVE-2020-12388 | Sandbox escape with improperly guarded access tokens | Critical |
CVE-2020-12389 | Sandbox escape with improperly separated process types | High |
CVE-2020-12390 | Incorrect serialization of nsIPrincipal.origin for IPv6 addresses | Moderate |
CVE-2020-12391 | Content-Security-Policy bypass using object elements | Moderate |
CVE-2020-12392 | Arbitrary local file access with 'Copy as cURL' | Moderate |
CVE-2020-12393 | Devtools' 'Copy as cURL' feature did not fully escape website-controlled data, potentially leading to command injection | Moderate |
CVE-2020-12394 | URL spoofing in location bar when unfocussed | Low |
CVE-2020-12395 | Memory safety bugs fixed in Firefox 76 and Firefox ESR 68.8 | Critical |
CVE-2020-12396 | Memory safety bugs fixed in Firefox 76 | High |
CVE-2020-12397 | Policy import functionality in Apache Ranger 0.7.0 to 1.2.0 | High |
CVE-2020-6831 | Buffer overflow in SCTP chunk input validation | High |
To install the patches for these vulnerabilities, initiate a sync between the Patch Manager Plus server and the Central Patch Repository. After the sync, search for the following Patch IDs or Bulletin IDs and install the patches on the target machines.
Patch ID | Bulletin ID | Patch description |
314093 | TU-027 | Mozilla Firefox (76.0) |
314094 | TU-027 | Mozilla Firefox (x64)(76.0) |
314095 | TU-027 | Mozilla Firefox ESR (68.8.0) |
314096 | TU-027 | Mozilla Firefox ESR (x64) (68.8.0) |
314106 | TU-028 | Mozilla Thunderbird (68.8.0) |
314107 | TU-028 | Mozilla Thunderbird (x64) (68.8.0) |
Cheers,
The ManageEngine Team