Lucene search

DebianDEBIAN:DLA-2457-1:06258

HistoryNov 19, 2020 - 10:07 a.m.

[SECURITY] [DLA 2457-1] firefox-esr security update

2020-11-1910:07:14

lists.debian.org

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

8.4 High

AI Score

Confidence

Low

0.005 Low

EPSS

Percentile

75.7%

JSON

Debian LTS Advisory DLA-2457-1 [email protected]
https://www.debian.org/lts/security/ Emilio Pozuelo Monfort
November 19, 2020 https://wiki.debian.org/LTS

Package : firefox-esr
Version : 78.5.0esr-1~deb9u1
CVE ID : CVE-2020-16012 CVE-2020-26951 CVE-2020-26953 CVE-2020-26956
CVE-2020-26958 CVE-2020-26959 CVE-2020-26960 CVE-2020-26961
CVE-2020-26965 CVE-2020-26968

Multiple security issues have been found in the Mozilla Firefox web
browser, which could potentially result in the execution of arbitrary
code, information disclosure, phishing, cross-site scripting or a DNS
rebinding attack.

For Debian 9 stretch, these problems have been fixed in version
78.5.0esr-1~deb9u1.

We recommend that you upgrade your firefox-esr packages.

For the detailed security status of firefox-esr please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/firefox-esr

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

OSVersionArchitecturePackageVersionFilename
Debian9alliceweasel-l10n-es-cl< 1:78.5.0esr-1~deb9u1iceweasel-l10n-es-cl_1:78.5.0esr-1~deb9u1_all.deb
Debian9allthunderbird-l10n-es-es< 1:78.5.0-1~deb9u1thunderbird-l10n-es-es_1:78.5.0-1~deb9u1_all.deb
Debian9alliceweasel-l10n-xh< 1:78.5.0esr-1~deb9u1iceweasel-l10n-xh_1:78.5.0esr-1~deb9u1_all.deb
Debian10allthunderbird-l10n-he< 1:78.5.0-1~deb10u1thunderbird-l10n-he_1:78.5.0-1~deb10u1_all.deb
Debian9alliceweasel-l10n-km< 1:78.5.0esr-1~deb9u1iceweasel-l10n-km_1:78.5.0esr-1~deb9u1_all.deb
Debian10allthunderbird-l10n-fr< 1:78.5.0-1~deb10u1thunderbird-l10n-fr_1:78.5.0-1~deb10u1_all.deb
Debian10alllightning-l10n-vi< 1:78.5.0-1~deb10u1lightning-l10n-vi_1:78.5.0-1~deb10u1_all.deb
Debian9allthunderbird-l10n-nl< 1:78.5.0-1~deb9u1thunderbird-l10n-nl_1:78.5.0-1~deb9u1_all.deb
Debian10alllightning-l10n-gl< 1:78.5.0-1~deb10u1lightning-l10n-gl_1:78.5.0-1~deb10u1_all.deb
Debian10allfirefox-esr-l10n-gd< 78.5.0esr-1~deb10u1firefox-esr-l10n-gd_78.5.0esr-1~deb10u1_all.deb

OS	Version	Architecture	Package	Version	Filename
Debian	9	all	iceweasel-l10n-es-cl	< 1:78.5.0esr-1~deb9u1	iceweasel-l10n-es-cl_1:78.5.0esr-1~deb9u1_all.deb
Debian	9	all	thunderbird-l10n-es-es	< 1:78.5.0-1~deb9u1	thunderbird-l10n-es-es_1:78.5.0-1~deb9u1_all.deb
Debian	9	all	iceweasel-l10n-xh	< 1:78.5.0esr-1~deb9u1	iceweasel-l10n-xh_1:78.5.0esr-1~deb9u1_all.deb
Debian	10	all	thunderbird-l10n-he	< 1:78.5.0-1~deb10u1	thunderbird-l10n-he_1:78.5.0-1~deb10u1_all.deb
Debian	9	all	iceweasel-l10n-km	< 1:78.5.0esr-1~deb9u1	iceweasel-l10n-km_1:78.5.0esr-1~deb9u1_all.deb
Debian	10	all	thunderbird-l10n-fr	< 1:78.5.0-1~deb10u1	thunderbird-l10n-fr_1:78.5.0-1~deb10u1_all.deb
Debian	10	all	lightning-l10n-vi	< 1:78.5.0-1~deb10u1	lightning-l10n-vi_1:78.5.0-1~deb10u1_all.deb
Debian	9	all	thunderbird-l10n-nl	< 1:78.5.0-1~deb9u1	thunderbird-l10n-nl_1:78.5.0-1~deb9u1_all.deb
Debian	10	all	lightning-l10n-gl	< 1:78.5.0-1~deb10u1	lightning-l10n-gl_1:78.5.0-1~deb10u1_all.deb
Debian	10	all	firefox-esr-l10n-gd	< 78.5.0esr-1~deb10u1	firefox-esr-l10n-gd_78.5.0esr-1~deb10u1_all.deb