Security vulnerabilities fixed in Firefox 83 and Firefox ESR 78.5
Hello All,
Mozilla has released security advisories for Firefox 83 and Firefox ESR 78.5. A series of security vulnerabilities are fixed in this update. Find the details for the same below.
CVE ID | Description | Impact |
CVE-2020-26951 | Parsing mismatches could confuse and bypass security sanitizer for chrome privileged code | High |
CVE-2020-26952 | Out of memory handling of JITed, inline functions could lead to a memory corruption | High |
CVE-2020-16012 | Variable time processing of cross-origin images during drawImage calls | Moderate |
CVE-2020-26953 | Fullscreen could be enabled without displaying the security UI | Moderate |
CVE-2020-26954 | Local spoofing of web manifests for arbitrary pages in Firefox for Android | Moderate |
CVE-2020-26955 | Cookies set during file downloads are shared between normal and Private Browsing Mode in Firefox for Android | Moderate |
CVE-2020-26956 | XSS through paste (manual and clipboard API) | Moderate |
CVE-2020-26957 | OneCRL was not working in Firefox for Android | Moderate |
CVE-2020-26958 | Requests intercepted through ServiceWorkers lacked MIME type restrictions | Moderate |
CVE-2020-26959 | Use-after-free in WebRequestService | Moderate |
CVE-2020-26960 | Potential use-after-free in uses of nsTArray | Moderate |
| CVE-2020-15999 | Heap buffer overflow in freetype | Moderate |
| CVE-2020-26962 | Cross-origin iframes supported login autofill | Low |
| CVE-2020-26963 | History and Location interfaces could have been used to hang the browser | Low |
CVE-2020-26964 | Firefox for Android's Remote Debugging via USB could have been abused by untrusted apps on older versions of Android | Low |
CVE-2020-26965 | Software keyboards may have remembered typed passwords | Low |
CVE-2020-26966 | Single-word search queries were also broadcast to local network | Low |
CVE-2020-26967 | Mutation Observers could break or confuse Firefox Screenshots feature | Low |
CVE-2020-26968 | Memory safety bugs fixed in Firefox 83 and Firefox ESR 78.5 | High |
CVE-2020-26969 | Memory safety bugs fixed in Firefox 83 | High |
CVE-2020-26961 | DoH did not filter IPv4 mapped IP Addresses | Moderate |
To update these using Vulnerability Manager Plus, initiate a synchronization between the Central Patch Repository and Vulnerability Manager Plus server. Search for the following Patch IDs or Bulletin IDs and deploy them. Find more detailed information about the vulnerabilities in the below links.
https://www.mozilla.org/en-US/security/advisories/mfsa2020-50/
https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/
Patch ID | Bulletin ID | Patch Description |
317075 | TU-027 | Mozilla Firefox (83.0) |
317076 | TU-027 | Mozilla Firefox (x64) (83.0) |
317077 | TU-054 | Mozilla Firefox ESR (78.5.0) |
317078 | TU-054 | Mozilla Firefox ESR (x64) (78.5.0) |
Cheers,
Team ManageEngine