Security vulnerabilities fixed in Firefox 82 and Firefox ESR 78.4
Hello everyone,
Mozilla has released updates for Firefox 82 and Firefox ESR 78.4. These updates fix several security vulnerabilities, the details of which are as follows:
CVE ID | Vulnerability | Severity |
CVE-2020-15969 | Use-after-free in usersctp | High |
CVE-2020-15254 | Undefined behavior in bounded channel of crossbeam rust crate | High |
CVE-2020-15680 | Presence of external protocol handlers could be determined through image tags | Moderate |
CVE-2020-15681 | Multiple WASM threads may have overwritten each others' stub table entries | Moderate |
CVE-2020-15682 | The domain associated with the prompt to open an external protocol could be spoofed to display the incorrect origin | Low |
CVE-2020-15683 | Memory safety bugs fixed in Firefox 82 and Firefox ESR 78.4 | High |
CVE-2020-15684 | Memory safety bugs fixed in Firefox 82 | High |
The updates can be installed using Vulnerability Manager Plus by initiating a sync between the Central Patch Repository and Vulnerability Manager Plus server. Once synced, search for the following Patch IDs or Bulletin IDs and deploy them to your target systems
Patch ID | Bulletin ID | Patch Description |
316576 | TU-027 | Mozilla Firefox (82.0) |
316577 | TU-027 | Mozilla Firefox (x64) (82.0) |
316581 | TU-054 | Mozilla Firefox ESR (78.4.0) |
316582 | TU-054 | Mozilla Firefox ESR (x64) (78.4.0) |
Cheers,
The ManageEngine Team