L'équipe Vigil@nce veille les vulnérabilités publiques qui affectent votre parc informatique, puis propose des correctifs sécurité, une base de données de vigilance et des outils pour y remédier.

Vulnérabilités informatiques de Firefox

Skia : obtention d'information via Timing Side-channel drawImage
Un attaquant peut contourner les restrictions d'accès aux données via Timing Side-channel drawImage() de Skia, afin d'obtenir des informations sensibles...
CERTFR-2020-AVI-766, CVE-2020-16012, DLA-2457-1, DLA-2464-1, DSA-4793-1, DSA-4796-1, DSA-4824-1, FEDORA-2020-10ec8aca61, FEDORA-2020-24bedcb95c, FEDORA-2020-3e005ce2e0, FEDORA-2020-9493cfc1ac, FEDORA-2020-b4b9280811, FEDORA-2020-f9f7305137, MFSA2020-50, MFSA2020-51, MFSA2020-52, openSUSE-SU-2020:2010-1, openSUSE-SU-2020:2012-1, openSUSE-SU-2020:2020-1, openSUSE-SU-2020:2021-1, openSUSE-SU-2020:2026-1, openSUSE-SU-2020:2031-1, openSUSE-SU-2020:2032-1, openSUSE-SU-2020:2055-1, openSUSE-SU-2020:2096-1, openSUSE-SU-2020:2187-1, openSUSE-SU-2020:2315-1, RHSA-2020:5231-01, RHSA-2020:5232-01, RHSA-2020:5233-01, RHSA-2020:5234-01, RHSA-2020:5235-01, RHSA-2020:5236-01, RHSA-2020:5237-01, RHSA-2020:5238-01, RHSA-2020:5239-01, RHSA-2020:5240-01, RHSA-2020:5257-01, RHSA-2020:5314-01, SUSE-SU-2020:14548-1, SUSE-SU-2020:3383-1, SUSE-SU-2020:3458-1, SUSE-SU-2020:3528-1, SUSE-SU-2020:3548-1, USN-4637-1, USN-4637-2, USN-4647-1, VIGILANCE-VUL-33923
usersctp : utilisation de mémoire libérée via sctp_process_a_data_chunk
Un attaquant peut provoquer l'utilisation d'une zone mémoire libérée via sctp_process_a_data_chunk() de usersctp, afin de mener un déni de service, et éventuellement d'exécuter du code...
ADV200002, CVE-2020-15969, DLA-2411-1, DLA-2416-1, DSA-4778-1, DSA-4780-1, DSA-4824-1, FEDORA-2020-127d40f1ab, FEDORA-2020-4e8e48da22, FEDORA-2020-8aca25b5c8, FEDORA-2020-aba1d14e9e, FEDORA-2021-bdaf015218, HT212003, MFSA2020-45, MFSA2020-46, openSUSE-SU-2020:1705-1, openSUSE-SU-2020:1715-1, openSUSE-SU-2020:1731-1, openSUSE-SU-2020:1732-1, openSUSE-SU-2020:1748-1, openSUSE-SU-2020:1780-1, openSUSE-SU-2020:1785-1, openSUSE-SU-2020:1829-1, RHSA-2020:4235-01, RHSA-2020:4310-01, RHSA-2020:4311-01, RHSA-2020:4315-01, RHSA-2020:4317-01, RHSA-2020:4330-01, RHSA-2020:4909-01, RHSA-2020:4913-01, RHSA-2020:4944-01, RHSA-2020:4945-01, RHSA-2020:4947-01, RHSA-2020:4948-01, SUSE-SU-2020:14522-1, SUSE-SU-2020:3021-1, SUSE-SU-2020:3022-1, SUSE-SU-2020:3053-1, SUSE-SU-2020:3091-1, USN-4599-1, USN-4599-2, USN-4599-3, USN-4647-1, VIGILANCE-VUL-33635
WebRTC : obtention d'information via Internal Address Leak
Un attaquant peut contourner les restrictions d'accès aux données via Internal Address Leak de WebRTC, afin d'obtenir des informations sensibles...
ADV200002, bulletinjul2020, CVE-2020-6514, DLA-2297-1, DLA-2310-1, DSA-4736-1, DSA-4740-1, DSA-4824-1, FEDORA-2020-84d87cbd50, FEDORA-2020-bf684961d9, FEDORA-2021-bdaf015218, MFSA2020-30, MFSA2020-31, MFSA2020-32, openSUSE-SU-2020:1020-1, openSUSE-SU-2020:1021-1, openSUSE-SU-2020:1048-1, openSUSE-SU-2020:1061-1, openSUSE-SU-2020:1147-1, openSUSE-SU-2020:1148-1, openSUSE-SU-2020:1155-1, openSUSE-SU-2020:1172-1, openSUSE-SU-2020:1179-1, openSUSE-SU-2020:1189-1, openSUSE-SU-2020:1205-1, RHSA-2020:3229-01, RHSA-2020:3233-01, RHSA-2020:3241-01, RHSA-2020:3253-01, RHSA-2020:3254-01, RHSA-2020:3341-01, RHSA-2020:3342-01, RHSA-2020:3343-01, RHSA-2020:3344-01, RHSA-2020:3345-01, RHSA-2020:3377-01, SSA:2020-209-01, SSA:2020-213-01, SUSE-SU-2020:14456-1, SUSE-SU-2020:2100-1, SUSE-SU-2020:2118-1, SUSE-SU-2020:2147-1, SUSE-SU-2020:2179-1, USN-4443-1, VIGILANCE-VUL-32960
ANGLE : utilisation de mémoire libérée via gl-Texture-onUnbindAsSamplerTexture
Un attaquant peut provoquer l'utilisation d'une zone mémoire libérée via gl::Texture::onUnbindAsSamplerTexture() de ANGLE, afin de mener un déni de service, et éventuellement d'exécuter du code...
ADV200002, bulletinjul2020, CVE-2020-6463, DLA-2297-1, DLA-2310-1, DSA-4714-1, DSA-4714-2, DSA-4714-3, DSA-4736-1, DSA-4740-1, FEDORA-2020-0e7f1b663b, FEDORA-2020-da49fbb17c, MFSA2020-30, MFSA2020-31, MFSA2020-32, openSUSE-SU-2020:0604-1, openSUSE-SU-2020:0615-1, openSUSE-SU-2020:0635-1, openSUSE-SU-2020:0823-1, openSUSE-SU-2020:1147-1, openSUSE-SU-2020:1155-1, openSUSE-SU-2020:1179-1, openSUSE-SU-2020:1189-1, openSUSE-SU-2020:1205-1, RHSA-2020:1970-01, RHSA-2020:3229-01, RHSA-2020:3233-01, RHSA-2020:3241-01, RHSA-2020:3253-01, RHSA-2020:3254-01, RHSA-2020:3341-01, RHSA-2020:3342-01, RHSA-2020:3343-01, RHSA-2020:3344-01, RHSA-2020:3345-01, SSA:2020-209-01, SSA:2020-213-01, SUSE-SU-2020:14456-1, SUSE-SU-2020:2100-1, SUSE-SU-2020:2118-1, SUSE-SU-2020:2147-1, SUSE-SU-2020:2179-1, USN-4443-1, VIGILANCE-VUL-32959
Mozilla NSS : obtention d'information via Scalar Padding
Un attaquant peut contourner les restrictions d'accès aux données via Scalar Padding de Mozilla NSS, afin d'obtenir des informations sensibles...
1631573, CVE-2020-12401, DLA-2388-1, FEDORA-2020-426fd04fd0, FEDORA-2020-481c7e285d, FEDORA-2020-f136f60e5f, MFSA2020-36, RHSA-2020:4076-01, USN-4455-1, USN-4474-1, USN-4474-2, VIGILANCE-VUL-32922
Mozilla NSS : obtention d'information via P521
Un attaquant peut contourner les restrictions d'accès aux données via P521 de Mozilla NSS, afin d'obtenir des informations sensibles...
1631583, CVE-2020-12400, DLA-2388-1, FEDORA-2020-f136f60e5f, MFSA2020-36, RHSA-2020:4076-01, RHSA-2021:0538-01, USN-4455-1, USN-4474-1, USN-4474-2, VIGILANCE-VUL-32921
Mozilla NSS : obtention d'information via P384
Un attaquant peut contourner les restrictions d'accès aux données via P384 de Mozilla NSS, afin d'obtenir des informations sensibles...
1631583, CVE-2020-6829, DLA-2388-1, FEDORA-2020-f136f60e5f, MFSA2020-36, RHSA-2020:4076-01, RHSA-2021:0538-01, USN-4455-1, USN-4474-1, USN-4474-2, VIGILANCE-VUL-32920
Firefox : obtention d'information via X-Frame-Options Bypass
Un attaquant peut contourner les restrictions d'accès aux données via X-Frame-Options Bypass de Firefox, afin d'obtenir des informations sensibles...
CERTFR-2020-AVI-422, MFSA2020-28, openSUSE-SU-2020:1034-1, openSUSE-SU-2020:1042-1, SUSE-SU-2020:1958-1, USN-4423-1, VIGILANCE-VUL-32786
Mozilla Firefox/Thunderbird : multiples vulnérabilités
Un attaquant peut employer plusieurs vulnérabilités de Mozilla Firefox/Thunderbird...
bulletinjul2020, bulletinoct2020, CERTFR-2020-AVI-405, CERTFR-2020-AVI-408, CERTFR-2020-AVI-448, CVE-2020-12415, CVE-2020-12416, CVE-2020-12417, CVE-2020-12418, CVE-2020-12419, CVE-2020-12420, CVE-2020-12421, CVE-2020-12422, CVE-2020-12423, CVE-2020-12424, CVE-2020-12425, CVE-2020-12426, CVE-2020-15646, DSA-4713-1, DSA-4718-1, FEDORA-2020-55077d678a, FEDORA-2020-8ba9376229, MFSA2020-24, MFSA2020-25, MFSA2020-26, MFSA2020-29, openSUSE-SU-2020:0967-1, openSUSE-SU-2020:0982-1, openSUSE-SU-2020:0983-1, openSUSE-SU-2020:1017-1, RHSA-2020:2824-01, RHSA-2020:2825-01, RHSA-2020:2826-01, RHSA-2020:2827-01, RHSA-2020:2828-01, RHSA-2020:2906-01, RHSA-2020:2966-01, RHSA-2020:3038-01, RHSA-2020:3046-01, RHSA-2020:3555-01, RHSA-2020:3556-01, RHSA-2020:3557-01, RHSA-2020:3558-01, RHSA-2020:3559-01, RHSA-2020:4080-01, SSA:2020-181-01, SUSE-SU-2020:14421-1, USN-4408-1, USN-4421-1, VIGILANCE-VUL-32644
Mozilla NSS : obtention d'information via MPI Modular Inversion
Un attaquant peut contourner les restrictions d'accès aux données via MPI Modular Inversion de Mozilla NSS, afin d'obtenir des informations sensibles...
bulletinoct2020, CERTFR-2020-AVI-448, CVE-2020-12402, DLA-2266-1, DLA-2388-1, DSA-4726-1, FEDORA-2020-16741ac7ff, FEDORA-2020-3ef1937475, MFSA2020-29, openSUSE-SU-2020:0953-1, openSUSE-SU-2020:0955-1, openSUSE-SU-2020:0983-1, openSUSE-SU-2020:1017-1, RHSA-2020:3280-01, RHSA-2020:4076-01, SSA:2020-181-01, SUSE-SU-2020:14418-1, SUSE-SU-2020:14421-1, SUSE-SU-2020:1839-1, SUSE-SU-2020:1850-1, USN-4417-1, USN-4417-2, VIGILANCE-VUL-32574
Notre base de données contient d'autres bulletins. Vous pouvez utiliser un essai gratuit pour les consulter.

Consulter les informations sur Firefox :