Security updates released for Firefox 80, ESR 68.12, and ESR 78.2

Security updates released for Firefox 80, ESR 68.12, and ESR 78.2

Hello everyone, 

 

Mozilla has released security updates for Firefox 80, Firefox ESR 68.12, and Firefox ESR 78.2. Most of the vulnerabilities fixed are of high severity. The details of the vulnerabilities fixed are as follows:

  CVE ID
  Vulnerability details
  Severity
  CVE-2020-15663
  Downgrade attack on the Mozilla Maintenance Service could have     resulted in escalation of privilege
  High
  CVE-2020-15664
  Attacker-induced prompt for extension installation
  High
  CVE-2020-12401
  Timing-attack on ECDSA signature generation
  Moderate
  CVE-2020-6829
  P-384 and P-521 vulnerable to an electro-magnetic side channel attack   on signature generation
  Moderate
  CVE-2020-12400
  P-384 and P-521 vulnerable to a side channel attack on modular inversion
  Moderate
  CVE-2020-15665
  Address bar not reset when choosing to stay on a page after the   beforeunload dialog is shown
  Moderate
  CVE-2020-15666
  MediaError message property leaks cross-origin response status
  Low
  CVE-2020-15667
  Heap overflow when processing an update file
  Low
  CVE-2020-15668
  Data Race when reading certificate information
  Low
  CVE-2020-15670
  Memory safety bugs fixed in Firefox 80 and Firefox ESR 78.2
  High
  CVE-2020-15669
  Use-After-Free when aborting an operation
  High


To fix these vulnerabilities using Vulnerability Manager Plus, initiate a sync between the Central Patch Repository and the Vulnerability Manager Plus server. Search for the following Patch IDs or Bulletin IDs and install them in your target machines

 

Patch IDs

Bulletin IDs

Patch Description

315672

TU-027

Mozilla Firefox (80.0)

315673

TU-027

Mozilla Firefox (x64) (80.0)

315674

TU-054

Mozilla Firefox ESR (78.2.0)

315676

TU-054

Mozilla Firefox ESR (x64) (78.2.0)

315675

TU-054

Mozilla Firefox ESR (68.12.0)

315677

TU-054

Mozilla Firefox ESR (x64) (68.12.0)

 

Cheers, 

The ManageEngine Team 

                New to ADSelfService Plus?