Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2020.0878 firefox-esr security update 12 March 2020 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: firefox-esr Publisher: Debian Operating System: Debian GNU/Linux 8 Debian GNU/Linux 9 Debian GNU/Linux 10 Impact/Access: Execute Arbitrary Code/Commands -- Remote with User Interaction Denial of Service -- Remote with User Interaction Access Confidential Data -- Remote with User Interaction Resolution: Patch/Upgrade CVE Names: CVE-2020-6814 CVE-2020-6812 CVE-2020-6811 CVE-2020-6807 CVE-2020-6806 CVE-2020-6805 CVE-2019-20503 Reference: ESB-2020.0868 ESB-2020.0866 Original Bulletin: https://www.debian.org/lts/security/2020/dla-2140 https://www.debian.org/security/2020/dsa-4639 Comment: This bulletin contains two (2) Debian security advisories. - --------------------------BEGIN INCLUDED TEXT-------------------- - -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Package : firefox-esr Version : 68.6.0esr-1~deb8u1 CVE ID : CVE-2019-20503 CVE-2020-6805 CVE-2020-6806 CVE-2020-6807 CVE-2020-6811 CVE-2020-6812 CVE-2020-6814 Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code. For Debian 8 "Jessie", these problems have been fixed in version 68.6.0esr-1~deb8u1. We recommend that you upgrade your firefox-esr packages. Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS - -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEcJymx+vmJZxd92Q+nUbEiOQ2gwIFAl5pWWkACgkQnUbEiOQ2 gwJdFRAAmiEkBAyHnzWtzQ2ixM25GSK+wBG66SmEjvpy/57+VjU8rTeV7ZslIlAA vfRVJU2wlMQbvMHf+ZJeYq3UkyRYXTPEL8Z6tvRSthUfJRDL+7MRrKIt9ubOMLfX 30FPTJsDAg9C2g+vQLOf+dJAVM+aWG7u4R7N6UabY0N6aa1nEKNHYUnx12xNblDM WAHtb/e66+l1FDLZcyEUz9M74YrS1OObH6BF2wpLEL30cP+D8j1NCzK7Ixck6W6Q GT5rTg8hLCht+QFSAwe77ySaXksy0DLzN4XauACE67Afn10dZcHbMST8W5jO9ZwZ g7Dq+3iw7o96ZwnMVz8em7WEFzDBCSFQAmz/hGLVSZhwrP3jTjAwavqFFLiLM5sQ 2MYXUCr0VGuTZ0zgcMSmazRb7+F6K7X8wcDZ0g/VYKQ73+76FePGpGiwI0jkJJct ZvzSjlvjCwcjTAV5xiJkjtL4cELew1U865B6hw7Woy5jIJtap6Dp9kTRWMjtXAOs EPhJQhP5CyKsbsZ09757OMb5parlgDiv18lMCScR2L1DYUKF0M1le1QKlzTzKBBo YEVvfvbVwocMmQRKEGmv4EQf/2RQHNOCOvgq1oe1EZ3oKVxiysPamzM+ApMkUZOV vU1bFnryEFvHowYb7SQlZET+OVlrIF8r9r5RQMIjf7LHBAl9Kow= =HkZ8 - -----END PGP SIGNATURE----- - -------------------------------------------------------------------------------- - -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - - ------------------------------------------------------------------------- Debian Security Advisory DSA-4639-1 security@debian.org https://www.debian.org/security/ Moritz Muehlenhoff March 11, 2020 https://www.debian.org/security/faq - - ------------------------------------------------------------------------- Package : firefox-esr CVE ID : CVE-2019-20503 CVE-2020-6805 CVE-2020-6806 CVE-2020-6807 CVE-2020-6811 CVE-2020-6812 CVE-2020-6814 Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code. For the oldstable distribution (stretch), these problems have been fixed in version 68.6.0esr-1~deb9u1. For the stable distribution (buster), these problems have been fixed in version 68.6.0esr-1~deb10u1. We recommend that you upgrade your firefox-esr packages. For the detailed security status of firefox-esr please refer to its security tracker page at: https://security-tracker.debian.org/tracker/firefox-esr Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org - -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAl5pOM4ACgkQEMKTtsN8 TjYgNRAAjqHD8ZWHZPCnBeZ0AjJ5vtvMJzRLMEtcWQ3qDq9vhXvcdDD4bJ7Mc85n Ma6+4J1/l4Q0G3c/QKCDaGf26RZqvo76Ql1E5ct7M3C82kpDdEHaAW/UWF+v2XhR 89M0SLecr6C8SVlMxHB0kV15N/L9sekOOQgFHK3hDO8eArPNgmwQqjOtLDS9A+1U FGiDMN6OyKMKx+ItAU4TaCVs3EEbxcBvLKcJ7zvxX/FY9AYR1NOmHlKUKRgCnlzV yd4LEyEwDLzAjuGI77K8sGa7Zq73ttWj4tBl+NgiWEoIoUGEfn3l0grR/VeCI8Hk 6GYYrRd9ChOhnPqZHMxaLEuaLBvnj85qUQwR0xBb+fsarJwum84jNKznbt/2my/r zutYM9K6lL8DdKopKbwARWOlAR5hhw++5d6cKxNVgVBmR9FbdkZDoHnlqyRTZCtw MbNHT5KNZzcVXuu5H7HrgIQ+cMdBHphoIG4ZPUCJeESu4YK6vSr1S3BCEBI+4243 i3Hy7A09a7j7Th13ZnQ02Y4Rwc6nF0MjuhaYWT20ysM8RF+pntIuRHL5kF5MtCJ6 1QqzHU7PfQ/yNFZbaabazzUPgO34KkWiMRt42XZZBztPeNoNe7ql6Qp/rIXgtZWs ZT8Fa4jKGviVEZFxWKwt0/U1UKPAAB+4b93MC+qfY/5BLbtWD1o= =tfz5 - -----END PGP SIGNATURE----- - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: https://www.auscert.org.au/bulletins/ =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBXml672aOgq3Tt24GAQji0Q/+NZuHr+6ynKc9r6QlU6MC3uYh+ORq6VpN bIWRLtwPGFHmy/UQ4l632IwJym0xUkHOJv5DK80vzGmoOA2Xb7OJiZ4fhTFksqaH nzmH+zRE8id2Ce2ezPfI/t5RfYpbuZNUuA4jIjscNEpbYt3JeVSFYoAd2npitgC3 a5N9AiI2hkvQPbQh8jdbS1Cr/f9e+GH2pxkLgnfmb+qUn+oObBaVpiKzprZclyPY 2WAMg8j75ej6Dd1M4+0tocYA4fuHNbd+9goZdeSqHKjxIiqb80qoJT8Tzgmmlgy/ 5N9iM4M3EwJU1zc5QHaV8/PjngKjN0djEeMqB3NuqjbGtUffiVBAtQb2HkoRDds0 pf+loDrIG0DBPl/KrC/nGeJZTRnfNkWOJ1eD9LEOxV4ty1c3kz3Q9VdHevcOTaGm 2t1ZYq/MNvdjmrFC08EA8GS8Ew1VxHFIjhoFcI1Lwu9PHtHz9+QJ5ZWxPvUAF3YF flta76J8R8kvOaqYpghI1ucWHnedym4oXVo+NH3FjHO5LHAis685jGu/S2UVA75e ZbtR7VWS1WnKeqUpx27Lu2ffuiKwv6RrfDvzsyKE5sOvE4YXMzx8uF/SzoLr5OIf jf5eFbHi+cHOUDyFg75UgDsRT0NeCBtvoavrQqh8KZWVHHuUuWqWVX5TOCwskaJF Tel3ij6hnmM= =Tbyp -----END PGP SIGNATURE-----