rpm package

suse/MozillaFirefox-branding-SLE&distro=SUSE Linux Enterprise Module for Desktop Applications 15 SP2

pkg:rpm/suse/MozillaFirefox-branding-SLE&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Desktop%20Applications%2015%20SP2

Vulnerabilities (43)

CVE	CVSS	Affected versions	Fixed in	Published	Description
CVE-2020-12418	—	< 78-4.14.1	78-4.14.1	Jul 9, 2020	Manipulating individual parts of a URL object could have caused an out-of-bounds read, leaking process memory to malicious JavaScript. This vulnerability affects Firefox ESR < 68.10, Firefox < 78, and Thunderbird < 68.10.0.
CVE-2020-12424	—	< 78-4.14.1	78-4.14.1	Jul 9, 2020	When constructing a permission prompt for WebRTC, a URI was supplied from the content process. This URI was untrusted, and could have been the URI of an origin that was previously granted permission; bypassing the prompt. This vulnerability affects Firefox < 78.
CVE-2020-6463	—	< 78-9.2.4	78-9.2.4	May 21, 2020	Use after free in ANGLE in Google Chrome prior to 81.0.4044.122 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

CVE-2020-12418Jul 9, 2020
affected < 78-4.14.1fixed 78-4.14.1
Manipulating individual parts of a URL object could have caused an out-of-bounds read, leaking process memory to malicious JavaScript. This vulnerability affects Firefox ESR < 68.10, Firefox < 78, and Thunderbird < 68.10.0.
CVE-2020-12424Jul 9, 2020
affected < 78-4.14.1fixed 78-4.14.1
When constructing a permission prompt for WebRTC, a URI was supplied from the content process. This URI was untrusted, and could have been the URI of an origin that was previously granted permission; bypassing the prompt. This vulnerability affects Firefox < 78.
CVE-2020-6463May 21, 2020
affected < 78-9.2.4fixed 78-9.2.4
Use after free in ANGLE in Google Chrome prior to 81.0.4044.122 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Page 3 of 3