-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2020.0878
                        firefox-esr security update
                               12 March 2020

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           firefox-esr
Publisher:         Debian
Operating System:  Debian GNU/Linux 8
                   Debian GNU/Linux 9
                   Debian GNU/Linux 10
Impact/Access:     Execute Arbitrary Code/Commands -- Remote with User Interaction
                   Denial of Service               -- Remote with User Interaction
                   Access Confidential Data        -- Remote with User Interaction
Resolution:        Patch/Upgrade
CVE Names:         CVE-2020-6814 CVE-2020-6812 CVE-2020-6811
                   CVE-2020-6807 CVE-2020-6806 CVE-2020-6805
                   CVE-2019-20503  

Reference:         ESB-2020.0868
                   ESB-2020.0866

Original Bulletin: 
   https://www.debian.org/lts/security/2020/dla-2140
   https://www.debian.org/security/2020/dsa-4639

Comment: This bulletin contains two (2) Debian security advisories.

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Package        : firefox-esr
Version        : 68.6.0esr-1~deb8u1
CVE ID         : CVE-2019-20503 CVE-2020-6805 CVE-2020-6806 CVE-2020-6807
                 CVE-2020-6811 CVE-2020-6812 CVE-2020-6814

Multiple security issues have been found in the Mozilla Firefox web
browser, which could potentially result in the execution of arbitrary
code.

For Debian 8 "Jessie", these problems have been fixed in version
68.6.0esr-1~deb8u1.

We recommend that you upgrade your firefox-esr packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
- -----BEGIN PGP SIGNATURE-----

- -----END PGP SIGNATURE-----

- --------------------------------------------------------------------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- - -------------------------------------------------------------------------
Debian Security Advisory DSA-4639-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
March 11, 2020                        https://www.debian.org/security/faq
- - -------------------------------------------------------------------------

Package        : firefox-esr
CVE ID         : CVE-2019-20503 CVE-2020-6805 CVE-2020-6806 CVE-2020-6807 
                 CVE-2020-6811 CVE-2020-6812 CVE-2020-6814

Multiple security issues have been found in the Mozilla Firefox web
browser, which could potentially result in the execution of arbitrary
code.

For the oldstable distribution (stretch), these problems have been fixed
in version 68.6.0esr-1~deb9u1.

For the stable distribution (buster), these problems have been fixed in
version 68.6.0esr-1~deb10u1.

We recommend that you upgrade your firefox-esr packages.

For the detailed security status of firefox-esr please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/firefox-esr

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
- -----BEGIN PGP SIGNATURE-----
- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
-----END PGP SIGNATURE-----