Security vulnerabilities fixed in Firefox 83 and Firefox ESR 78.5

Hello All,

Mozilla has released security advisories for Firefox 83 and Firefox ESR 78.5. These updates fix a series of security vulnerabilities; the details are listed below.

| CVE ID | Description | Impact |
|---|---|---|
| CVE-2020-26951 | Parsing mismatches could confuse and bypass security sanitizer for chrome privileged code | High |
| CVE-2020-26952 | Out of memory handling of JITed, inline functions could lead to a memory corruption | High |
| CVE-2020-16012 | Variable time processing of cross-origin images during drawImage calls | Moderate |
| CVE-2020-26953 | Fullscreen could be enabled without displaying the security UI | Moderate |
| CVE-2020-26954 | Local spoofing of web manifests for arbitrary pages in Firefox for Android | Moderate |
| CVE-2020-26955 | Cookies set during file downloads are shared between normal and Private Browsing Mode in Firefox for Android | Moderate |
| CVE-2020-26956 | XSS through paste (manual and clipboard API) | Moderate |
| CVE-2020-26957 | OneCRL was not working in Firefox for Android | Moderate |
| CVE-2020-26958 | Requests intercepted through ServiceWorkers lacked MIME type restrictions | Moderate |
| CVE-2020-26959 | Use-after-free in WebRequestService | Moderate |
| CVE-2020-26960 | Potential use-after-free in uses of nsTArray | Moderate |
| CVE-2020-15999 | Heap buffer overflow in freetype | Moderate |
| CVE-2020-26962 | Cross-origin iframes supported login autofill | Low |
| CVE-2020-26963 | History and Location interfaces could have been used to hang the browser | Low |
| CVE-2020-26964 | Firefox for Android's Remote Debugging via USB could have been abused by untrusted apps on older versions of Android | Low |
| CVE-2020-26965 | Software keyboards may have remembered typed passwords | Low |
| CVE-2020-26966 | Single-word search queries were also broadcast to local network | Low |
| CVE-2020-26967 | Mutation Observers could break or confuse Firefox Screenshots feature | Low |
| CVE-2020-26968 | Memory safety bugs fixed in Firefox 83 and Firefox ESR 78.5 | High |
| CVE-2020-26969 | Memory safety bugs fixed in Firefox 83 | High |
| CVE-2020-26961 | DoH did not filter IPv4 mapped IP Addresses | Moderate |


To deploy these updates using Vulnerability Manager Plus, initiate a synchronization between the Central Patch Repository and the Vulnerability Manager Plus server. Then search for the following Patch IDs or Bulletin IDs and deploy them. More detailed information about the vulnerabilities is available at the links below.

https://www.mozilla.org/en-US/security/advisories/mfsa2020-50/

https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/


| Patch ID | Bulletin ID | Patch Description |
|---|---|---|
| 317075 | TU-027 | Mozilla Firefox (83.0) |
| 317076 | TU-027 | Mozilla Firefox (x64) (83.0) |
| 317077 | TU-054 | Mozilla Firefox ESR (78.5.0) |
| 317078 | TU-054 | Mozilla Firefox ESR (x64) (78.5.0) |

Cheers,

Team ManageEngine