Firefox could be made to load attacker-supplied DLL files from the installation directory. This required an attacker that is already capable of placing files in the installation directory. *Note: This issue only affected Windows operating systems. Other operating systems are unaffected.*. This vulnerability affects Firefox ESR < 78.1, Firefox < 79, and Thunderbird < 78.1.

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched.

  - Mozilla: Type confusion for special arguments in IonMonkey (CVE-2020-15656)

  - Mozilla: Malicious Extension could obtain auth codes from OAuth login flows (CVE-2020-6823)

  - Mozilla Firefox before 35.0 and SeaMonkey before 2.32 do not consider the id-pkix-ocsp-nocheck extension     in deciding whether to trust an OCSP responder, which makes it easier for remote attackers to obtain     sensitive information by sniffing the network during a session in which there was an incorrect decision to     accept a compromised and revoked certificate. (CVE-2014-8642)

Note that Nessus has not tested for these issues but has instead relied on the package manager's report that the package is installed.

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched.

  - Mozilla: Type confusion for special arguments in IonMonkey (CVE-2020-15656)

  - Mozilla: Malicious Extension could obtain auth codes from OAuth login flows (CVE-2020-6823)

  - Mozilla Firefox through 27 sends HTTP Cookie headers without first validating that they have the required     character-set restrictions, which allows remote attackers to conduct the equivalent of a persistent Logout     CSRF attack via a crafted parameter that forces a web application to set a malformed cookie within an HTTP     response. (CVE-2013-6167)

Note that Nessus has not tested for these issues but has instead relied on the package manager's report that the package is installed.

The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched.

  - Mozilla: Type confusion for special arguments in IonMonkey (CVE-2020-15656)

  - Mozilla: Malicious Extension could obtain auth codes from OAuth login flows (CVE-2020-6823)

  - By using the reflected URL in some special resource URIs, such as chrome:, it is possible to inject     stylesheets and bypass Content Security Policy (CSP). This vulnerability affects Firefox < 63.
    (CVE-2018-12398)

Note that Nessus has not tested for these issues but has instead relied on the package manager's report that the package is installed.

The remote SUSE Linux SLES11 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2020:14456-1 advisory.

  - By observing the stack trace for JavaScript errors in web workers, it was possible to leak the result of a     cross-origin redirect. This applied only to content that can be parsed as script. This vulnerability     affects Firefox < 79, Firefox ESR < 68.11, Firefox ESR < 78.1, Thunderbird < 68.11, and Thunderbird <     78.1. (CVE-2020-15652)

  - An iframe sandbox element with the allow-popups flag could be bypassed when using noopener links. This     could have led to security issues for websites relying on sandbox configurations that allowed popups and     hosted arbitrary content. This vulnerability affects Firefox ESR < 78.1, Firefox < 79, and Thunderbird <     78.1. (CVE-2020-15653)

  - When in an endless loop, a website specifying a custom cursor using CSS could make it look like the user     is interacting with the user interface, when they are not. This could lead to a perceived broken state,     especially when interactions with existing browser dialogs and warnings do not work. This vulnerability     affects Firefox ESR < 78.1, Firefox < 79, and Thunderbird < 78.1. (CVE-2020-15654)

  - A redirected HTTP request which is observed or modified through a web extension could bypass existing CORS     checks, leading to potential disclosure of cross-origin information. This vulnerability affects Firefox     ESR < 78.1, Firefox < 79, and Thunderbird < 78.1. (CVE-2020-15655)

  - JIT optimizations involving the Javascript arguments object could confuse later optimizations. This risk     was already mitigated by various precautions in the code, resulting in this bug rated at only moderate     severity. This vulnerability affects Firefox ESR < 78.1, Firefox < 79, and Thunderbird < 78.1.
    (CVE-2020-15656)

  - Firefox could be made to load attacker-supplied DLL files from the installation directory. This required     an attacker that is already capable of placing files in the installation directory. *Note: This issue only     affected Windows operating systems. Other operating systems are unaffected.*. This vulnerability affects     Firefox ESR < 78.1, Firefox < 79, and Thunderbird < 78.1. (CVE-2020-15657)

  - The code for downloading files did not properly take care of special characters, which led to an attacker     being able to cut off the file ending at an earlier position, leading to a different file type being     downloaded than shown in the dialog. This vulnerability affects Firefox ESR < 78.1, Firefox < 79, and     Thunderbird < 78.1. (CVE-2020-15658)

  - Mozilla developers and community members reported memory safety bugs present in Firefox 78 and Firefox ESR     78.0. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some     of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 79, Firefox     ESR < 68.11, Firefox ESR < 78.1, Thunderbird < 68.11, and Thunderbird < 78.1. (CVE-2020-15659)

  - Use after free in ANGLE in Google Chrome prior to 81.0.4044.122 allowed a remote attacker to potentially     exploit heap corruption via a crafted HTML page. (CVE-2020-6463)

  - Inappropriate implementation in WebRTC in Google Chrome prior to 84.0.4147.89 allowed an attacker in a     privileged network position to potentially exploit heap corruption via a crafted SCTP stream.
    (CVE-2020-6514)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

This update for MozillaFirefox fixes the following issues :

This update for MozillaFirefox and pipewire fixes the following issues :

MozillaFirefox Extended Support Release 78.1.0 ESR

  - Fixed: Various stability, functionality, and security     fixes (bsc#1174538)

  - CVE-2020-15652: Potential leak of redirect targets when     loading scripts in a worker

  - CVE-2020-6514: WebRTC data channel leaks internal     address to peer

  - CVE-2020-15655: Extension APIs could be used to bypass     Same-Origin Policy

  - CVE-2020-15653: Bypassing iframe sandbox when allowing     popups

  - CVE-2020-6463: Use-after-free in ANGLE     gl::Texture::onUnbindAsSamplerTexture

  - CVE-2020-15656: Type confusion for special arguments in     IonMonkey

  - CVE-2020-15658: Overriding file type when saving to disk

  - CVE-2020-15657: DLL hijacking due to incorrect loading     path

  - CVE-2020-15654: Custom cursor can overlay user interface

  - CVE-2020-15659: Memory safety bugs fixed in Firefox 79     and Firefox ESR 78.1

pipewire was updated to version 0.3.6 (bsc#1171433, jsc#ECO-2308) :

  - Extensive memory leak fixing and stress testing was     done. A big leak in screen sharing with DMA-BUF was     fixed.

  - Compile fixes

  - Stability improvements in jack and pulseaudio layers.

  - Added the old portal module to make the Camera portal     work again. This will be moved to the session manager in     future versions.

  - Improvements to the GStreamer source and sink shutdown.

  - Fix compatibility with v2 clients again when negotiating     buffers.

This update was imported from the SUSE:SLE-15-SP2:Update update project.

This update for MozillaFirefox fixes the following issues :

  - Firefox Extended Support Release 78.1.0 ESR

  - Fixed: Various stability, functionality, and security     fixes (bsc#1174538)

  - CVE-2020-15652: Potential leak of redirect targets when     loading scripts in a worker

  - CVE-2020-6514: WebRTC data channel leaks internal     address to peer

  - CVE-2020-15655: Extension APIs could be used to bypass     Same-Origin Policy

  - CVE-2020-15653: Bypassing iframe sandbox when allowing     popups

  - CVE-2020-6463: Use-after-free in ANGLE     gl::Texture::onUnbindAsSamplerTexture

  - CVE-2020-15656: Type confusion for special arguments in     IonMonkey

  - CVE-2020-15658: Overriding file type when saving to disk

  - CVE-2020-15657: DLL hijacking due to incorrect loading     path

  - CVE-2020-15654: Custom cursor can overlay user interface

  - CVE-2020-15659: Memory safety bugs fixed in Firefox 79     and Firefox ESR 78.1

This update was imported from the SUSE:SLE-15:Update update project.

This update for MozillaFirefox fixes the following issues :

This update for MozillaFirefox and pipewire fixes the following issues :

MozillaFirefox Extended Support Release 78.1.0 ESR

Fixed: Various stability, functionality, and security fixes (bsc#1174538)

CVE-2020-15652: Potential leak of redirect targets when loading scripts in a worker

CVE-2020-6514: WebRTC data channel leaks internal address to peer

CVE-2020-15655: Extension APIs could be used to bypass Same-Origin Policy

CVE-2020-15653: Bypassing iframe sandbox when allowing popups

CVE-2020-6463: Use-after-free in ANGLE gl::Texture::onUnbindAsSamplerTexture

CVE-2020-15656: Type confusion for special arguments in IonMonkey

CVE-2020-15658: Overriding file type when saving to disk

CVE-2020-15657: DLL hijacking due to incorrect loading path

CVE-2020-15654: Custom cursor can overlay user interface

CVE-2020-15659: Memory safety bugs fixed in Firefox 79 and Firefox ESR 78.1

pipewire was updated to version 0.3.6 (bsc#1171433, jsc#ECO-2308) :

Extensive memory leak fixing and stress testing was done. A big leak in screen sharing with DMA-BUF was fixed.

Compile fixes

Stability improvements in jack and pulseaudio layers.

Added the old portal module to make the Camera portal work again. This will be moved to the session manager in future versions.

Improvements to the GStreamer source and sink shutdown.

Fix compatibility with v2 clients again when negotiating buffers.

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

This update for MozillaFirefox fixes the following issues :

Firefox Extended Support Release 78.1.0 ESR

  - Fixed: Various stability, functionality, and security     fixes (bsc#1174538)

  - CVE-2020-15652: Potential leak of redirect targets when     loading scripts in a worker

  - CVE-2020-6514: WebRTC data channel leaks internal     address to peer

  - CVE-2020-15655: Extension APIs could be used to bypass     Same-Origin Policy

  - CVE-2020-15653: Bypassing iframe sandbox when allowing     popups

  - CVE-2020-6463: Use-after-free in ANGLE     gl::Texture::onUnbindAsSamplerTexture

  - CVE-2020-15656: Type confusion for special arguments in     IonMonkey

  - CVE-2020-15658: Overriding file type when saving to disk

  - CVE-2020-15657: DLL hijacking due to incorrect loading     path

  - CVE-2020-15654: Custom cursor can overlay user interface

  - CVE-2020-15659: Memory safety bugs fixed in Firefox 79     and Firefox ESR 78.1

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

The version of Thunderbird installed on the remote Windows host is prior to 78.1. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2020-33 advisory.

  - Inappropriate implementation in WebRTC in Google Chrome     prior to 84.0.4147.89 allowed an attacker in a     privileged network position to potentially exploit heap     corruption via a crafted SCTP stream. (CVE-2020-6514)

  - Use after free in ANGLE in Google Chrome prior to     81.0.4044.122 allowed a remote attacker to potentially     exploit heap corruption via a crafted HTML page.
    (CVE-2020-6463)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The version of Thunderbird installed on the remote macOS or Mac OS X host is prior to 78.1. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2020-33 advisory.

  - Inappropriate implementation in WebRTC in Google Chrome     prior to 84.0.4147.89 allowed an attacker in a     privileged network position to potentially exploit heap     corruption via a crafted SCTP stream. (CVE-2020-6514)

  - Use after free in ANGLE in Google Chrome prior to     81.0.4044.122 allowed a remote attacker to potentially     exploit heap corruption via a crafted HTML page.
    (CVE-2020-6463)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The version of Firefox ESR installed on the remote Windows host is prior to 78.1. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2020-32 advisory.

  - Inappropriate implementation in WebRTC in Google Chrome     prior to 84.0.4147.89 allowed an attacker in a     privileged network position to potentially exploit heap     corruption via a crafted SCTP stream. (CVE-2020-6514)

  - Use after free in ANGLE in Google Chrome prior to     81.0.4044.122 allowed a remote attacker to potentially     exploit heap corruption via a crafted HTML page.
    (CVE-2020-6463)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The version of Firefox ESR installed on the remote macOS or Mac OS X host is prior to 78.1. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2020-32 advisory.

  - Inappropriate implementation in WebRTC in Google Chrome     prior to 84.0.4147.89 allowed an attacker in a     privileged network position to potentially exploit heap     corruption via a crafted SCTP stream. (CVE-2020-6514)

  - Use after free in ANGLE in Google Chrome prior to     81.0.4044.122 allowed a remote attacker to potentially     exploit heap corruption via a crafted HTML page.
    (CVE-2020-6463)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The version of Firefox installed on the remote Windows host is prior to 79.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2020-30 advisory.

  - Inappropriate implementation in WebRTC in Google Chrome     prior to 84.0.4147.89 allowed an attacker in a     privileged network position to potentially exploit heap     corruption via a crafted SCTP stream. (CVE-2020-6514)

  - Use after free in ANGLE in Google Chrome prior to     81.0.4044.122 allowed a remote attacker to potentially     exploit heap corruption via a crafted HTML page.
    (CVE-2020-6463)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The version of Firefox installed on the remote macOS or Mac OS X host is prior to 79.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2020-30 advisory.

  - Inappropriate implementation in WebRTC in Google Chrome     prior to 84.0.4147.89 allowed an attacker in a     privileged network position to potentially exploit heap     corruption via a crafted SCTP stream. (CVE-2020-6514)

  - Use after free in ANGLE in Google Chrome prior to     81.0.4044.122 allowed a remote attacker to potentially     exploit heap corruption via a crafted HTML page.
    (CVE-2020-6463)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

ID	Name	Product	Family	Severity
200050	RHEL 7 : firefox (Unpatched Vulnerability)	Nessus	Red Hat Local Security Checks	critical
200049	RHEL 6 : firefox (Unpatched Vulnerability)	Nessus	Red Hat Local Security Checks	critical
199961	RHEL 8 : firefox (Unpatched Vulnerability)	Nessus	Red Hat Local Security Checks	critical
150564	SUSE SLES11 Security Update : MozillaFirefox (SUSE-SU-2020:14456-1)	Nessus	SuSE Local Security Checks	high
139562	openSUSE Security Update : MozillaFirefox (openSUSE-2020-1189)	Nessus	SuSE Local Security Checks	high
139444	openSUSE Security Update : MozillaFirefox (openSUSE-2020-1155)	Nessus	SuSE Local Security Checks	high
139406	SUSE SLED15 / SLES15 Security Update : MozillaFirefox (SUSE-SU-2020:2147-1)	Nessus	SuSE Local Security Checks	high
139360	SUSE SLED15 / SLES15 Security Update : MozillaFirefox (SUSE-SU-2020:2118-1)	Nessus	SuSE Local Security Checks	high
139356	openSUSE Security Update : MozillaFirefox (openSUSE-2020-1147)	Nessus	SuSE Local Security Checks	high
139318	Mozilla Thunderbird < 78.1	Nessus	Windows	high
139317	Mozilla Thunderbird < 78.1	Nessus	MacOS X Local Security Checks	high
139282	SUSE SLES12 Security Update : MozillaFirefox (SUSE-SU-2020:2100-1)	Nessus	SuSE Local Security Checks	high
139074	Mozilla Firefox ESR < 78.1	Nessus	Windows	high
139073	Mozilla Firefox ESR < 78.1	Nessus	MacOS X Local Security Checks	high
139040	Mozilla Firefox < 79.0	Nessus	Windows	high
139039	Mozilla Firefox < 79.0	Nessus	MacOS X Local Security Checks	high

Detections

Analytics

CVE-2020-15657

high

Tenable Plugins

critical

critical

critical

high

high

high

high

high

high

high

high

high

high

high

high

high