rpm package
suse/MozillaFirefox-branding-SLE&distro=SUSE Linux Enterprise Module for Desktop Applications 15 SP2
pkg:rpm/suse/MozillaFirefox-branding-SLE&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Desktop%20Applications%2015%20SP2
Vulnerabilities (43)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2020-12402 | Med | 4.4 | < 78-4.14.1 | 78-4.14.1 | Jul 9, 2020 | During RSA key generation, bignum implementations used a variation of the Binary Extended Euclidean Algorithm which entailed significantly input-dependent flow. This allowed an attacker able to perform electromagnetic-based side channel attacks to record traces leading to the rec | |
| CVE-2020-12424 | Med | 6.5 | < 78-4.14.1 | 78-4.14.1 | Jul 9, 2020 | When constructing a permission prompt for WebRTC, a URI was supplied from the content process. This URI was untrusted, and could have been the URI of an origin that was previously granted permission; bypassing the prompt. This vulnerability affects Firefox < 78. | |
| CVE-2020-6463 | Hig | 8.8 | < 78-9.2.4 | 78-9.2.4 | May 21, 2020 | Use after free in ANGLE in Google Chrome prior to 81.0.4044.122 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
- affected < 78-4.14.1fixed 78-4.14.1
During RSA key generation, bignum implementations used a variation of the Binary Extended Euclidean Algorithm which entailed significantly input-dependent flow. This allowed an attacker able to perform electromagnetic-based side channel attacks to record traces leading to the rec
- affected < 78-4.14.1fixed 78-4.14.1
When constructing a permission prompt for WebRTC, a URI was supplied from the content process. This URI was untrusted, and could have been the URI of an origin that was previously granted permission; bypassing the prompt. This vulnerability affects Firefox < 78.
- affected < 78-9.2.4fixed 78-9.2.4
Use after free in ANGLE in Google Chrome prior to 81.0.4044.122 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Page 3 of 3