
ISN 2020-08: Firefox ESR Various Vulnerabilities

Announced 17 September 2020

Score: High

Several security issues, 8 rated as high, affect the Firefox ESR web browser on:

  • IGEL OS 11

  • IGEL OS 10

  • IGEL Linux 5

Details

Manipulating individual parts of a URL object could have caused an out-of-bounds read, leaking process memory to malicious JavaScript (CVE-2020-12418). In addition, by observing the stack trace for JavaScript errors in web workers, it was possible to leak the result of a cross-origin redirect (CVE-2020-15652). The WebRTC data channel could leak internal memory addresses to a peer, enabling them to bypass ASLR (CVE-2020-6514).
Another vulnerability allowed a malicious webpage to prompt the user to install an extension. Combined with user confusion, this could result in an unintended or malicious extension being installed (CVE-2020-15664).
Finally, a number of memory management bugs have been discovered (CVE-2020-12419, CVE-2020-12420, CVE-2020-15659, CVE-2020-15669).

Update Instructions

References

Mozilla Foundation Security Advisory 2020-25: https://www.mozilla.org/en-US/security/advisories/mfsa2020-25/

Mozilla Foundation Security Advisory 2020-31: https://www.mozilla.org/en-US/security/advisories/mfsa2020-31/

Mozilla Foundation Security Advisory 2020-37: https://www.mozilla.org/en-US/security/advisories/mfsa2020-37/
