By downloading a file with the .fileloc extension, a semi-privileged extension could launch an arbitrary application on the user's computer. The attacker is restricted as they are unable to download non-quarantined files or supply command line arguments to the application, limiting the impact. Note: this issue only occurs on Mac OSX. Other operating systems are unaffected. This vulnerability affects Thunderbird < 68.5, Firefox < 73, and Firefox < ESR68.5.

The remote SUSE Linux SLES11 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2020:14290-1 advisory.

  - A content process could have modified shared memory relating to crash reporting information, crash itself,     and cause an out-of-bound write. This could have caused memory corruption and a potentially exploitable     crash. This vulnerability affects Firefox < 73 and Firefox < ESR68.5. (CVE-2020-6796)

  - By downloading a file with the .fileloc extension, a semi-privileged extension could launch an arbitrary     application on the user's computer. The attacker is restricted as they are unable to download non-     quarantined files or supply command line arguments to the application, limiting the impact. Note: this     issue only occurs on Mac OSX. Other operating systems are unaffected. This vulnerability affects     Thunderbird < 68.5, Firefox < 73, and Firefox < ESR68.5. (CVE-2020-6797)

  - If a template tag was used in a select tag, the parser could be confused and allow JavaScript parsing and     execution when it should not be allowed. A site that relied on the browser behaving correctly could suffer     a cross-site scripting vulnerability as a result. In general, this flaw cannot be exploited through email     in the Thunderbird product because scripting is disabled when reading mail, but is potentially a risk in     browser or browser-like contexts. This vulnerability affects Thunderbird < 68.5, Firefox < 73, and Firefox     < ESR68.5. (CVE-2020-6798)

  - Command line arguments could have been injected during Firefox invocation as a shell handler for certain     unsupported file types. This required Firefox to be configured as the default handler for a given file     type and for a file downloaded to be opened in a third party application that insufficiently sanitized URL     data. In that situation, clicking a link in the third party application could have been used to retrieve     and execute files whose location was supplied through command line arguments. Note: This issue only     affects Windows operating systems and when Firefox is configured as the default handler for non-default     filetypes. Other operating systems are unaffected. This vulnerability affects Firefox < 73 and Firefox <     ESR68.5. (CVE-2020-6799)

  - Mozilla developers and community members reported memory safety bugs present in Firefox 72 and Firefox ESR     68.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some     of these could have been exploited to run arbitrary code. In general, these flaws cannot be exploited     through email in the Thunderbird product because scripting is disabled when reading mail, but are     potentially risks in browser or browser-like contexts. This vulnerability affects Thunderbird < 68.5,     Firefox < 73, and Firefox < ESR68.5. (CVE-2020-6800)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote host is affected by the vulnerability described in GLSA-202003-02 (Mozilla Firefox: Multiple vulnerabilities)

    Multiple vulnerabilities have been discovered in Mozilla Firefox. Please       review the CVE identifiers referenced below for details.
  Impact :

    A remote attacker could entice a user to view a specially crafted web       page, possibly resulting in the execution of arbitrary code with the       privileges of the process or a Denial of Service condition. Furthermore,       a remote attacker may be able to perform Man-in-the-Middle attacks,       obtain sensitive information, spoof the address bar, conduct clickjacking       attacks, bypass security restrictions and protection mechanisms, or have       other unspecified impact.
  Workaround :

    There is no known workaround at this time.

The version of Firefox ESR installed on the remote macOS or Mac OS X host is prior to 68.4. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2020-06 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

This update for MozillaFirefox fixes the following issues :

Firefox Extended Support Release 68.5.0 ESR

  - CVE-2020-6796 (bmo#1610426) Missing bounds check on     shared memory read in the parent process

  - CVE-2020-6797 (bmo#1596668) Extensions granted     downloads.open permission could open arbitrary     applications on Mac OSX

  - CVE-2020-6798 (bmo#1602944) Incorrect parsing of     template tag could result in JavaScript injection

  - CVE-2020-6799 (bmo#1606596) Arbitrary code execution     when opening pdf links from other applications, when     Firefox is configured as default pdf reader

  - CVE-2020-6800 (bmo#1595786, bmo#1596706, bmo#1598543,     bmo#1604851, bmo#1605777, bmo#1608580, bmo#1608785)     Memory safety bugs fixed in Firefox 73 and Firefox ESR     68.5

  - Fixed: Fixed various issues opening files with spaces in     their path (bmo#1601905, bmo#1602726)

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

This update for MozillaFirefox fixes the following issues :

Firefox Extended Support Release 68.5.0 ESR

  - Fixed: Various stability and security fixes

Mozilla Firefox ESR68.5 MFSA 2020-06 (bsc#1163368)

  - CVE-2020-6796 (bmo#1610426) Missing bounds check on     shared memory read in the parent process

  - CVE-2020-6797 (bmo#1596668) Extensions granted     downloads.open permission could open arbitrary     applications on Mac OSX

  - CVE-2020-6798 (bmo#1602944) Incorrect parsing of     template tag could result in JavaScript injection

  - CVE-2020-6799 (bmo#1606596) Arbitrary code execution     when opening pdf links from other applications, when     Firefox is configured as default pdf reader

  - CVE-2020-6800 (bmo#1595786, bmo#1596706, bmo#1598543,     bmo#1604851, bmo#1605777, bmo#1608580, bmo#1608785)     Memory safety bugs fixed in Firefox 73 and Firefox ESR     68.5

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

This update for MozillaThunderbird fixes the following issues :

  - Mozilla Thunderbird 68.5 (bsc#1162777) MFSA 2020-07     (bsc#1163368)

  - CVE-2020-6793 (bmo#1608539) Out-of-bounds read when     processing certain email messages

  - CVE-2020-6794 (bmo#1606619) Setting a master password     post-Thunderbird 52 does not delete unencrypted     previously stored passwords

  - CVE-2020-6795 (bmo#1611105) Crash processing S/MIME     messages with multiple signatures

  - CVE-2020-6797 (bmo#1596668) Extensions granted     downloads.open permission could open arbitrary     applications on Mac OSX

  - CVE-2020-6798 (bmo#1602944) Incorrect parsing of     template tag could result in JavaScript injection

  - CVE-2020-6792 (bmo#1609607) Message ID calculcation was     based on uninitialized data

  - CVE-2020-6800 (bmo#1595786, bmo#1596706, bmo#1598543,     bmo#1604851, bmo#1605777, bmo#1608580, bmo#1608785)     Memory safety bugs fixed in Thunderbird 68.5

  - new: Support for Client Identity IMAP/SMTP Service     Extension (bmo#1532388)

  - new: Support for OAuth 2.0 authentication for POP3     accounts (bmo#1538409)

  - fixed: Status area goes blank during account setup     (bmo#1593122)

  - fixed: Calendar: Could not remove color for default     categories (bmo#1584853)

  - fixed: Calendar: Prevent calendar component loading     multiple times (bmo#1606375)

  - fixed: Calendar: Today pane did not retain width between     sessions (bmo#1610207)

  - unresolved: When upgrading from Thunderbird version 60     to version 68, add-ons are not automatically updated     during the upgrade process. They will however be updated     during the add- on update check. It is of course     possible to reinstall compatible add-ons via the Add-ons     Manager or via addons.thunderbird.net. (bmo#1574183)

  - changed: Calendar: Task and Event tree colours adjusted     for the dark theme (bmo#1608344)

  - fixed: Retrieval of S/MIME certificates from LDAP failed     (bmo#1604773)

  - fixed: Address-parsing crash on some IMAP servers when     preference mail.imap.use_envelope_cmd was set     (bmo#1609690)

  - fixed: Incorrect forwarding of HTML messages caused SMTP     servers to respond with a timeout (bmo#1222046)

  - fixed: Calendar: Various parts of the calendar UI     stopped working when a second Thunderbird window opened     (bmo#1608407)

This update was imported from the SUSE:SLE-15:Update update project.

This update for MozillaFirefox fixes the following issues :

  - Firefox Extended Support Release 68.5.0 ESR

  - Fixed: Various stability and security fixes

  - Mozilla Firefox ESR68.5 MFSA 2020-06 (bsc#1163368)

  - CVE-2020-6796 (bmo#1610426) Missing bounds check on     shared memory read in the parent process

  - CVE-2020-6797 (bmo#1596668) Extensions granted     downloads.open permission could open arbitrary     applications on Mac OSX

  - CVE-2020-6798 (bmo#1602944) Incorrect parsing of     template tag could result in JavaScript injection

  - CVE-2020-6799 (bmo#1606596) Arbitrary code execution     when opening pdf links from other applications, when     Firefox is configured as default pdf reader

  - CVE-2020-6800 (bmo#1595786, bmo#1596706, bmo#1598543,     bmo#1604851, bmo#1605777, bmo#1608580, bmo#1608785)     Memory safety bugs fixed in Firefox 73 and Firefox ESR     68.5

This update was imported from the SUSE:SLE-15:Update update project.

The version of Firefox installed on the remote macOS or Mac OS X host is prior to 73.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2020-05 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The version of Thunderbird installed on the remote macOS or Mac OS X host is prior to 68.5. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2020-07 advisory.

  - When processing an email message with an ill-formed     envelope, Thunderbird could read data from a random     memory location. (CVE-2020-6793)

  - If a user saved passwords before Thunderbird 60 and then     later set a master password, an unencrypted copy of     these passwords is still accessible. This is because the     older stored password file was not deleted when the data     was copied to a new format starting in Thunderbird 60.
    The new master password is added only on the new file.
    This could allow the exposure of stored password data     outside of user expectations. (CVE-2020-6794)

  - When processing a message that contains multiple S/MIME     signatures, a bug in the MIME processing code caused a     null pointer dereference, leading to an unexploitable     crash. (CVE-2020-6795)

  - By downloading a file with the .fileloc extension, a     semi-privileged extension could launch an arbitrary     application on the user's computer. The attacker is     restricted as they are unable to download non-     quarantined files or supply command line arguments to     the application, limiting the impact.Note: this     issue only occurs on Mac OSX. Other operating systems     are unaffected. (CVE-2020-6797)

  - If a <template> tag was used in a     <select%gt; tag, the parser could be     confused and allow JavaScript parsing and execution when     it should not be allowed. A site that relied on the     browser behaving correctly could suffer a cross-site     scripting vulnerability as a result.In general, this     flaw cannot be exploited through email in the     Thunderbird product because scripting is disabled when     reading mail, but is potentially a risk in browser or     browser-like contexts. (CVE-2020-6798)

  - When deriving an identifier for an email message,     uninitialized memory was used in addition to the message     contents. (CVE-2020-6792)

  - Mozilla developers and community members Raul Gurzau,     Tyson Smith, Bob Clary, Liz Henry, and Christian Holler     reported memory safety bugs present in Firefox 72 and     Firefox ESR 68.4. Some of these bugs showed evidence of     memory corruption and we presume that with enough effort     some of these could have been exploited to run arbitrary     code.In general, these flaws cannot be exploited     through email in the Thunderbird product because     scripting is disabled when reading mail, but are     potentially risks in browser or browser-like contexts.
    (CVE-2020-6800)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

New mozilla-thunderbird packages are available for Slackware 14.2 and
-current to fix security issues.

New mozilla-firefox packages are available for Slackware 14.2 and
-current to fix security issues.

ID	Name	Product	Family	Severity
150679	SUSE SLES11 Security Update : MozillaFirefox (SUSE-SU-2020:14290-1)	Nessus	SuSE Local Security Checks	high
134469	GLSA-202003-02 : Mozilla Firefox: Multiple vulnerabilities	Nessus	Gentoo Local Security Checks	critical
133849	Mozilla Firefox ESR < 68.5 Multiple Vulnerabilities	Nessus	MacOS X Local Security Checks	high
133762	SUSE SLED12 / SLES12 Security Update : MozillaFirefox (SUSE-SU-2020:0384-1)	Nessus	SuSE Local Security Checks	high
133761	SUSE SLED15 / SLES15 Security Update : MozillaFirefox (SUSE-SU-2020:0383-1)	Nessus	SuSE Local Security Checks	high
133760	openSUSE Security Update : MozillaThunderbird (openSUSE-2020-231)	Nessus	SuSE Local Security Checks	high
133759	openSUSE Security Update : MozillaFirefox (openSUSE-2020-230)	Nessus	SuSE Local Security Checks	high
133692	Mozilla Firefox < 73.0	Nessus	MacOS X Local Security Checks	high
133690	Mozilla Thunderbird < 68.5	Nessus	MacOS X Local Security Checks	high
133643	Slackware 14.2 / current : mozilla-thunderbird (SSA:2020-042-02)	Nessus	Slackware Local Security Checks	high
133642	Slackware 14.2 / current : mozilla-firefox (SSA:2020-042-01)	Nessus	Slackware Local Security Checks	high

Detections

Analytics

CVE-2020-6797

medium

Tenable Plugins

high

critical

high

high

high

high

high

high

high

high

high