Download page ISN 2020-08: Firefox ESR Various Vulnerabilities.
ISN 2020-08: Firefox ESR Various Vulnerabilities
Announced 17 September 2020
Score: High
Several security issues, 8 rated as high, affect the Firefox ESR web browser on:
IGEL OS 11
IGEL OS 10
IGEL Linux 5
Details
It has been found that manipulating individual parts of a URL object could have caused an out-of-bounds read, leaking process memory to malicious JavaScript (CVE-2020-12418). Apart from that, by observing the stack trace for JavaScript errors in web workers, it was possible to leak the result of a cross-origin redirect (CVE-2020-15652. The WebRTC data channel could leak internal memory addresses to a peer, enabling them to bypass ASLR (CVE-2020-6514). Another vulnerability allowed a malicious webpage to prompt the user to install an extension. Combined with user confusion, this could result in an unintended or malicious extension being installed (CVE-2020-15664). Finally, a number of memory management bugs have been discovered (CVE-2020-12419, CVE-2020-12420, CVE-2020-15659, CVE-2020-15669).
Update Instructions
IGEL OS 11: Update to IGEL OS 11.04.130 or newer.
IGEL OS 10: An updated version is upcoming. When it is available, this document will be updated.