Security updates released for Firefox 80, ESR 68.12, and ESR 78.2
Hello everyone,
Mozilla has released security updates for Firefox 80, Firefox ESR 68.12, and Firefox ESR 78.2. Most of the vulnerabilities fixed are of high severity. The details of the vulnerabilities fixed are as follows:
| CVE ID | Vulnerability details | Severity |
| CVE-2020-15663 | Downgrade attack on the Mozilla Maintenance Service could have resulted in escalation of privilege | High |
| CVE-2020-15664 | Attacker-induced prompt for extension installation | High |
| CVE-2020-12401 | Timing-attack on ECDSA signature generation | Moderate |
| CVE-2020-6829 | P-384 and P-521 vulnerable to an electro-magnetic side channel attack on signature generation | Moderate |
| CVE-2020-12400 | P-384 and P-521 vulnerable to a side channel attack on modular inversion | Moderate |
| CVE-2020-15665 | Address bar not reset when choosing to stay on a page after the beforeunload dialog is shown | Moderate |
| CVE-2020-15666 | MediaError message property leaks cross-origin response status | Low |
| CVE-2020-15667 | Heap overflow when processing an update file | Low |
| CVE-2020-15668 | Data Race when reading certificate information | Low |
| CVE-2020-15670 | Memory safety bugs fixed in Firefox 80 and Firefox ESR 78.2 | High |
| CVE-2020-15669 | Use-After-Free when aborting an operation | High |
To fix these vulnerabilities using Vulnerability Manager Plus, initiate a sync between the Central Patch Repository and the Vulnerability Manager Plus server. Search for the following Patch IDs or Bulletin IDs and install them in your target machines
Patch IDs | Bulletin IDs | Patch Description |
315672 | TU-027 | Mozilla Firefox (80.0) |
315673 | TU-027 | Mozilla Firefox (x64) (80.0) |
315674 | TU-054 | Mozilla Firefox ESR (78.2.0) |
315676 | TU-054 | Mozilla Firefox ESR (x64) (78.2.0) |
315675 | TU-054 | Mozilla Firefox ESR (68.12.0) |
315677 | TU-054 | Mozilla Firefox ESR (x64) (68.12.0) |
Cheers,
The ManageEngine Team