Mozilla fixes security vulnerabilities in Firefox 76

Hello everyone, 

 

Mozilla has released fixes for several security vulnerabilities in Firefox 76. Below are the details of the vulnerabilities fixed. 

 

| CVE ID | Vulnerability | Severity |
|---|---|---|
| CVE-2020-12387 | Use-after-free during worker shutdown | Critical |
| CVE-2020-12388 | Sandbox escape with improperly guarded access tokens | Critical |
| CVE-2020-12389 | Sandbox escape with improperly separated process types | High |
| CVE-2020-12390 | Incorrect serialization of nsIPrincipal.origin for IPv6 addresses | Moderate |
| CVE-2020-12391 | Content-Security-Policy bypass using object elements | Moderate |
| CVE-2020-12392 | Arbitrary local file access with 'Copy as cURL' | Moderate |
| CVE-2020-12393 | Devtools' 'Copy as cURL' feature did not fully escape website-controlled data, potentially leading to command injection | Moderate |
| CVE-2020-12394 | URL spoofing in location bar when unfocussed | Low |
| CVE-2020-12395 | Memory safety bugs fixed in Firefox 76 and Firefox ESR 68.8 | Critical |
| CVE-2020-12396 | Memory safety bugs fixed in Firefox 76 | High |
| CVE-2020-12397 | Policy import functionality in Apache Ranger 0.7.0 to 1.2.0 | High |
| CVE-2020-6831 | Buffer overflow in SCTP chunk input validation | High |

 

To install the patches for these vulnerabilities, initiate a sync between the Patch Manager Plus server and the Central Patch Repository. After the sync, search for the following Patch IDs or Bulletin ID and install the patches on the target machines.

 

| Patch ID | Bulletin ID | Patch description |
|---|---|---|
| 314093 | TU-027 | Mozilla Firefox (76.0) |
| 314094 | TU-027 | Mozilla Firefox (x64)(76.0) |
| 314095 | TU-027 | Mozilla Firefox ESR (68.8.0) |
| 314096 | TU-027 | Mozilla Firefox ESR (x64) (68.8.0) |
| 314106 | TU-028 | Mozilla Thunderbird (68.8.0) |
| 314107 | TU-028 | Mozilla Thunderbird (x64) (68.8.0) |


Cheers,

The ManageEngine Team

 

