VAR-202011-0444
Vulnerability from variot - Updated: 2026-04-10 23:11Use after free in WebRTC in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Google Chrome is a web browser developed by Google (Google). Chrome has security holes.
For the stable distribution (buster), these problems have been fixed in version 78.4.0esr-1~deb10u2.
We recommend that you upgrade your firefox-esr packages. 6) - i386, x86_64
- Description:
Mozilla Thunderbird is a standalone mail and newsgroup client. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
APPLE-SA-2020-12-14-7 tvOS 14.3
tvOS 14.3 addresses the following issues. Information about the security content is also available at https://support.apple.com/HT212005.
CoreAudio Available for: Apple TV 4K and Apple TV HD Impact: Processing a maliciously crafted audio file may lead to arbitrary code execution Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2020-27948: JunDong Xie of Ant Security Light-Year Lab
FontParser Available for: Apple TV 4K and Apple TV HD Impact: Processing a maliciously crafted font may result in the disclosure of process memory Description: An information disclosure issue was addressed with improved state management. CVE-2020-27946: Mateusz Jurczyk of Google Project Zero
FontParser Available for: Apple TV 4K and Apple TV HD Impact: Processing a maliciously crafted font file may lead to arbitrary code execution Description: A memory corruption issue existed in the processing of font files. This issue was addressed with improved input validation. CVE-2020-27943: Mateusz Jurczyk of Google Project Zero CVE-2020-27944: Mateusz Jurczyk of Google Project Zero
ImageIO Available for: Apple TV 4K and Apple TV HD Impact: Processing a maliciously crafted image may lead to heap corruption Description: An out-of-bounds read was addressed with improved input validation. CVE-2020-29617: XingWei Lin of Ant Security Light-Year Lab CVE-2020-29619: XingWei Lin of Ant Security Light-Year Lab
ImageIO Available for: Apple TV 4K and Apple TV HD Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: An out-of-bounds read was addressed with improved input validation. CVE-2020-29618: XingWei Lin of Ant Security Light-Year Lab
ImageIO Available for: Apple TV 4K and Apple TV HD Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2020-29611: Ivan Fratric of Google Project Zero
WebRTC Available for: Apple TV 4K and Apple TV HD Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A use after free issue was addressed with improved memory management. CVE-2020-15969: an anonymous researcher
Installation note:
Apple TV will periodically check for software updates. Alternatively, you may manually check for software updates by selecting "Settings -> System -> Software Update -> Update Software."
To check the current version of software, select "Settings -> General -> About."
This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEbURczHs1TP07VIfuZcsbuWJ6jjAFAl/YBnkACgkQZcsbuWJ6 jjAdUA/+IW1Va0vmKcDFand0B8Y1lkRDdThXQ/lQmLJCPNJ1hQLQZSLUzpYvjyLi UAepoh/ToYtt9YivitmjfNHxjLvYw/xRV13cpsVMcCvQhhS1N5s4aJEL6f+0LEhv 6U0JvjGoa6/By4sQksdPZnipoNRzEJ3KWRJrFkLnGwvH+uT6KbuzjXqfHwkHJfV2 XgghEJzvoLT1cbXp6XNO/YOV++eeDBkW0L80YukQ2RPDHi3N99Aue9ADe+pbQJH1 eJBWdZV99zjHZrStXKBQ7CF5i9hJnludrMo0V+RgMXRhLrfW5dm6Ww3kLm4okj+D spAJy8WepCRFwth9+yFcmdxyv2aZJ0MvxuFAIL6Sv9E0FvMW8fPbRHcsJDDTAt4f mKUPwUex183P7li3SYEK/I1ItcMh039wlulkiP5xw/6JGDIDh7ryOaTPCvnz+MIx OzcgtdNFLcTA2BDEQwITEp+fpuqAlXw3ykbq5yYZz3AJXxKLVXVLeuB1oEkHJmRi 4EUXb7Lb5TEoMj1dbCmmr6q3eWGCPj5CJcTFJMTNWx8aW4u889mi7FqCnXasAc3M jg5eSRy+97+tOsdgUYFoMekJqF8jJbljDH1NDmEbMtVc+F7jT4khXN9fRLvqN6An P4web66vaHKZbUnMDtXHjMSkfniHUT39JKm7CJPNC/vf2HF9HQM=4OzT -----END PGP SIGNATURE-----
.
Background
Library for rendering dynamic web content in Qt5 C++ and QML applications. 8.0) - ppc64le, x86_64
-
Gentoo Linux Security Advisory GLSA 202010-08
https://security.gentoo.org/
Severity: Normal Title: Mozilla Firefox, Mozilla Thunderbird: Multiple vulnerabilities Date: October 28, 2020 Bugs: #750446 ID: 202010-08
Synopsis
Multiple vulnerabilities have been found in Mozilla Firefox and Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code.
Affected packages
Package / Vulnerable / Unaffected
1 www-client/firefox < 82.0 >= 78.4.0:0/esr78
= 82.0 2 www-client/firefox-bin < 82.0 >= 78.4.0:0/esr78 = 82.0 3 mail-client/thunderbird < 78.4.0 >= 78.4.0 4 mail-client/thunderbird-bin < 78.4.0 >= 78.4.0
4 affected packages
Description
Multiple vulnerabilities have been discovered in Mozilla Firefox and Mozilla Thunderbird. Please review the CVE identifiers referenced below for details.
Impact
Please review the referenced CVE identifiers for details.
Workaround
There is no known workaround at this time.
Resolution
All Mozilla Firefox users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=www-client/firefox-82.0"
All Mozilla Firefox (bin) users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=www-client/firefox-bin-82.0"
All Mozilla Firefox ESR users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot -v ">=www-client/firefox-78.4.0:0/esr78"
All Mozilla Firefox ESR (bin) users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot -v ">=www-client/firefox-bin-78.4.0:0/esr78"
All Mozilla Thunderbird users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=mail-client/thunderbird-.4.0"
All Mozilla Thunderbird (bin) users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot -v ">=mail-client/thunderbird-bin-78.4.0"
References
[ 1 ] CVE-2020-15683 https://nvd.nist.gov/vuln/detail/CVE-2020-15683 [ 2 ] CVE-2020-15969 https://nvd.nist.gov/vuln/detail/CVE-2020-15969 [ 3 ] MFSA-2020-45 https://www.mozilla.org/en-US/security/advisories/mfsa2020-45/ [ 4 ] MFSA-2020-46 https://www.mozilla.org/en-US/security/advisories/mfsa2020-46/ [ 5 ] MFSA-2020-47 https://www.mozilla.org/en-US/security/advisories/mfsa2020-47/
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/202010-08
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2020 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
https://creativecommons.org/licenses/by-sa/2.5
. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
====================================================================
Red Hat Security Advisory
Synopsis: Important: firefox security update Advisory ID: RHSA-2020:4310-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2020:4310 Issue date: 2020-10-22 CVE Names: CVE-2020-15683 CVE-2020-15969 ==================================================================== 1. Summary:
An update for firefox is now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux Client (v. 7) - x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64
- Description:
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.
This update upgrades Firefox to version 78.4.0 ESR.
Security Fix(es):
-
Mozilla: Memory safety bugs fixed in Firefox 82 and Firefox ESR 78.4 (CVE-2020-15683)
-
chromium-browser: Use after free in WebRTC (CVE-2020-15969)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
- Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
After installing the update, Firefox must be restarted for the changes to take effect.
- Bugs fixed (https://bugzilla.redhat.com/):
1885885 - CVE-2020-15969 chromium-browser: Use after free in WebRTC 1889932 - CVE-2020-15683 Mozilla: Memory safety bugs fixed in Firefox 82 and Firefox ESR 78.4
- Package List:
Red Hat Enterprise Linux Client (v. 7):
Source: firefox-78.4.0-1.el7_9.src.rpm
x86_64: firefox-78.4.0-1.el7_9.x86_64.rpm firefox-debuginfo-78.4.0-1.el7_9.x86_64.rpm
Red Hat Enterprise Linux Client Optional (v. 7):
x86_64: firefox-78.4.0-1.el7_9.i686.rpm
Red Hat Enterprise Linux Server (v. 7):
Source: firefox-78.4.0-1.el7_9.src.rpm
ppc64: firefox-78.4.0-1.el7_9.ppc64.rpm firefox-debuginfo-78.4.0-1.el7_9.ppc64.rpm
ppc64le: firefox-78.4.0-1.el7_9.ppc64le.rpm firefox-debuginfo-78.4.0-1.el7_9.ppc64le.rpm
s390x: firefox-78.4.0-1.el7_9.s390x.rpm firefox-debuginfo-78.4.0-1.el7_9.s390x.rpm
x86_64: firefox-78.4.0-1.el7_9.x86_64.rpm firefox-debuginfo-78.4.0-1.el7_9.x86_64.rpm
Red Hat Enterprise Linux Server Optional (v. 7):
x86_64: firefox-78.4.0-1.el7_9.i686.rpm
Red Hat Enterprise Linux Workstation (v. 7):
Source: firefox-78.4.0-1.el7_9.src.rpm
x86_64: firefox-78.4.0-1.el7_9.x86_64.rpm firefox-debuginfo-78.4.0-1.el7_9.x86_64.rpm
Red Hat Enterprise Linux Workstation Optional (v. 7):
x86_64: firefox-78.4.0-1.el7_9.i686.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2020-15683 https://access.redhat.com/security/cve/CVE-2020-15969 https://access.redhat.com/security/updates/classification/#important
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2020 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBX5G+ntzjgjWX9erEAQhmDQ//dHDny/ImuLP8xvK4PtLEY7BRvrOS/vY2 YkKEGdGOQa48sBw+5Y2tSqra5gKOqf5H3lcxj+sTG97hUStgrNAucZpTHaKm7vde /Eb3PIFWOqnNpcvDg6njU/q5ttA7YC0PHizRfH0Yix5EUAkKZnMWlcS8Lkm5FEM2 Ws+UfvgB/+Gx03I2MioDwnnHnnZLR+pmt7EYl7CnKLRMYsQVEkrlc2b7gCzPlijo UV91wcUoX4s9/v/i2afTY8CqhDs8MNHFnsVX+FTCyGbezamAxJ+YTKtDgKDiG+7v up2fIlMhf8eKnkEpyOebDDPo8vECJr311rXT0qg6/jkx9iogOyHskOcmTYIK5xzT R9gmF+gvsJsMeHzD6a6uh5BsLLS7rtIESWO91IS0FofOAv0lkkOqG1xlAq4zAKYc 8NrzZ0omzrB9rRK2LeKp2oAP0xIoFQiTmicoBAvRijNPRSWT8SZY/IfOsSvrbfkG rGOY4nNaLVQUqXv7+BKa/LusfBhQkGgxcKO/uNX7xWGTEqH4ysx7/ELKmQ1LjZxw bgYhrYaSkSMAQ5r/Nf0qMHLLxvMUqmJmgkExE0rLwogxWVYZWVCiIwI0wncDCFEo mw8HZ58JlTWTv2owGc8I0fo+ln7Y5xmuXuyN6AldueladP0AdtdNyaw/GHquCytW o2ukWK2zUE8=oczW -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce
Show details on source website{
"affected_products": {
"_id": null,
"data": [
{
"_id": null,
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "33"
},
{
"_id": null,
"model": "watchos",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "7.2"
},
{
"_id": null,
"model": "backports sle",
"scope": "eq",
"trust": 1.0,
"vendor": "opensuse",
"version": "15.0"
},
{
"_id": null,
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "31"
},
{
"_id": null,
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "10.0"
},
{
"_id": null,
"model": "macos",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "11.1"
},
{
"_id": null,
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "32"
},
{
"_id": null,
"model": "tvos",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "14.3"
},
{
"_id": null,
"model": "ipados",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "14.3"
},
{
"_id": null,
"model": "chrome",
"scope": "lt",
"trust": 1.0,
"vendor": "google",
"version": "86.0.4240.75"
},
{
"_id": null,
"model": "safari",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "14.0.2"
},
{
"_id": null,
"model": "iphone os",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "14.3"
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2020-15969"
}
]
},
"credits": {
"_id": null,
"data": "Red Hat",
"sources": [
{
"db": "PACKETSTORM",
"id": "159910"
},
{
"db": "PACKETSTORM",
"id": "159907"
},
{
"db": "PACKETSTORM",
"id": "159909"
},
{
"db": "PACKETSTORM",
"id": "159682"
}
],
"trust": 0.4
},
"cve": "CVE-2020-15969",
"cvss": {
"_id": null,
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2020-15969",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.0,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-169000",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2020-15969",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2020-15969",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-169000",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-169000"
},
{
"db": "NVD",
"id": "CVE-2020-15969"
}
]
},
"description": {
"_id": null,
"data": "Use after free in WebRTC in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Google Chrome is a web browser developed by Google (Google). Chrome has security holes. \n\nFor the stable distribution (buster), these problems have been fixed in\nversion 78.4.0esr-1~deb10u2. \n\nWe recommend that you upgrade your firefox-esr packages. 6) - i386, x86_64\n\n3. Description:\n\nMozilla Thunderbird is a standalone mail and newsgroup client. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nAPPLE-SA-2020-12-14-7 tvOS 14.3\n\ntvOS 14.3 addresses the following issues. Information about the\nsecurity content is also available at\nhttps://support.apple.com/HT212005. \n\nCoreAudio\nAvailable for: Apple TV 4K and Apple TV HD\nImpact: Processing a maliciously crafted audio file may lead to\narbitrary code execution\nDescription: An out-of-bounds write issue was addressed with improved\nbounds checking. \nCVE-2020-27948: JunDong Xie of Ant Security Light-Year Lab\n\nFontParser\nAvailable for: Apple TV 4K and Apple TV HD\nImpact: Processing a maliciously crafted font may result in the\ndisclosure of process memory\nDescription: An information disclosure issue was addressed with\nimproved state management. \nCVE-2020-27946: Mateusz Jurczyk of Google Project Zero\n\nFontParser\nAvailable for: Apple TV 4K and Apple TV HD\nImpact: Processing a maliciously crafted font file may lead to\narbitrary code execution\nDescription: A memory corruption issue existed in the processing of\nfont files. This issue was addressed with improved input validation. \nCVE-2020-27943: Mateusz Jurczyk of Google Project Zero\nCVE-2020-27944: Mateusz Jurczyk of Google Project Zero\n\nImageIO\nAvailable for: Apple TV 4K and Apple TV HD\nImpact: Processing a maliciously crafted image may lead to heap\ncorruption\nDescription: An out-of-bounds read was addressed with improved input\nvalidation. \nCVE-2020-29617: XingWei Lin of Ant Security Light-Year Lab\nCVE-2020-29619: XingWei Lin of Ant Security Light-Year Lab\n\nImageIO\nAvailable for: Apple TV 4K and Apple TV HD\nImpact: Processing a maliciously crafted image may lead to arbitrary\ncode execution\nDescription: An out-of-bounds read was addressed with improved input\nvalidation. \nCVE-2020-29618: XingWei Lin of Ant Security Light-Year Lab\n\nImageIO\nAvailable for: Apple TV 4K and Apple TV HD\nImpact: Processing a maliciously crafted image may lead to arbitrary\ncode execution\nDescription: An out-of-bounds write issue was addressed with improved\nbounds checking. \nCVE-2020-29611: Ivan Fratric of Google Project Zero\n\nWebRTC\nAvailable for: Apple TV 4K and Apple TV HD\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: A use after free issue was addressed with improved\nmemory management. \nCVE-2020-15969: an anonymous researcher\n\nInstallation note:\n\nApple TV will periodically check for software updates. Alternatively,\nyou may manually check for software updates by selecting\n\"Settings -\u003e System -\u003e Software Update -\u003e Update Software.\"\n\nTo check the current version of software, select\n\"Settings -\u003e General -\u003e About.\"\n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n-----BEGIN PGP SIGNATURE-----\n\niQIzBAEBCAAdFiEEbURczHs1TP07VIfuZcsbuWJ6jjAFAl/YBnkACgkQZcsbuWJ6\njjAdUA/+IW1Va0vmKcDFand0B8Y1lkRDdThXQ/lQmLJCPNJ1hQLQZSLUzpYvjyLi\nUAepoh/ToYtt9YivitmjfNHxjLvYw/xRV13cpsVMcCvQhhS1N5s4aJEL6f+0LEhv\n6U0JvjGoa6/By4sQksdPZnipoNRzEJ3KWRJrFkLnGwvH+uT6KbuzjXqfHwkHJfV2\nXgghEJzvoLT1cbXp6XNO/YOV++eeDBkW0L80YukQ2RPDHi3N99Aue9ADe+pbQJH1\neJBWdZV99zjHZrStXKBQ7CF5i9hJnludrMo0V+RgMXRhLrfW5dm6Ww3kLm4okj+D\nspAJy8WepCRFwth9+yFcmdxyv2aZJ0MvxuFAIL6Sv9E0FvMW8fPbRHcsJDDTAt4f\nmKUPwUex183P7li3SYEK/I1ItcMh039wlulkiP5xw/6JGDIDh7ryOaTPCvnz+MIx\nOzcgtdNFLcTA2BDEQwITEp+fpuqAlXw3ykbq5yYZz3AJXxKLVXVLeuB1oEkHJmRi\n4EUXb7Lb5TEoMj1dbCmmr6q3eWGCPj5CJcTFJMTNWx8aW4u889mi7FqCnXasAc3M\njg5eSRy+97+tOsdgUYFoMekJqF8jJbljDH1NDmEbMtVc+F7jT4khXN9fRLvqN6An\nP4web66vaHKZbUnMDtXHjMSkfniHUT39JKm7CJPNC/vf2HF9HQM=4OzT\n-----END PGP SIGNATURE-----\n\n\n. \n\nBackground\n=========\nLibrary for rendering dynamic web content in Qt5 C++ and QML\napplications. 8.0) - ppc64le, x86_64\n\n3. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 202010-08\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSeverity: Normal\n Title: Mozilla Firefox, Mozilla Thunderbird: Multiple\n vulnerabilities\n Date: October 28, 2020\n Bugs: #750446\n ID: 202010-08\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been found in Mozilla Firefox and Mozilla\nThunderbird, the worst of which could result in the arbitrary execution\nof code. \n\nAffected packages\n=================\n\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 www-client/firefox \u003c 82.0 \u003e= 78.4.0:0/esr78\n\u003e = 82.0\n 2 www-client/firefox-bin \u003c 82.0 \u003e= 78.4.0:0/esr78\n\u003e = 82.0\n 3 mail-client/thunderbird \u003c 78.4.0 \u003e= 78.4.0\n 4 mail-client/thunderbird-bin\n \u003c 78.4.0 \u003e= 78.4.0\n -------------------------------------------------------------------\n 4 affected packages\n\nDescription\n===========\n\nMultiple vulnerabilities have been discovered in Mozilla Firefox and\nMozilla Thunderbird. Please review the CVE identifiers referenced below\nfor details. \n\nImpact\n======\n\nPlease review the referenced CVE identifiers for details. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll Mozilla Firefox users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=www-client/firefox-82.0\"\n\nAll Mozilla Firefox (bin) users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=www-client/firefox-bin-82.0\"\n\nAll Mozilla Firefox ESR users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot -v \"\u003e=www-client/firefox-78.4.0:0/esr78\"\n\nAll Mozilla Firefox ESR (bin) users should upgrade to the latest\nversion:\n\n # emerge --sync\n # emerge --ask --oneshot -v \"\u003e=www-client/firefox-bin-78.4.0:0/esr78\"\n\nAll Mozilla Thunderbird users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=mail-client/thunderbird-.4.0\"\n\nAll Mozilla Thunderbird (bin) users should upgrade to the latest\nversion:\n\n # emerge --sync\n # emerge --ask --oneshot -v \"\u003e=mail-client/thunderbird-bin-78.4.0\"\n\nReferences\n==========\n\n[ 1 ] CVE-2020-15683\n https://nvd.nist.gov/vuln/detail/CVE-2020-15683\n[ 2 ] CVE-2020-15969\n https://nvd.nist.gov/vuln/detail/CVE-2020-15969\n[ 3 ] MFSA-2020-45\n https://www.mozilla.org/en-US/security/advisories/mfsa2020-45/\n[ 4 ] MFSA-2020-46\n https://www.mozilla.org/en-US/security/advisories/mfsa2020-46/\n[ 5 ] MFSA-2020-47\n https://www.mozilla.org/en-US/security/advisories/mfsa2020-47/\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\nhttps://security.gentoo.org/glsa/202010-08\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2020 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttps://creativecommons.org/licenses/by-sa/2.5\n\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n==================================================================== \nRed Hat Security Advisory\n\nSynopsis: Important: firefox security update\nAdvisory ID: RHSA-2020:4310-01\nProduct: Red Hat Enterprise Linux\nAdvisory URL: https://access.redhat.com/errata/RHSA-2020:4310\nIssue date: 2020-10-22\nCVE Names: CVE-2020-15683 CVE-2020-15969\n====================================================================\n1. Summary:\n\nAn update for firefox is now available for Red Hat Enterprise Linux 7. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Client (v. 7) - x86_64\nRed Hat Enterprise Linux Client Optional (v. 7) - x86_64\nRed Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Server Optional (v. 7) - x86_64\nRed Hat Enterprise Linux Workstation (v. 7) - x86_64\nRed Hat Enterprise Linux Workstation Optional (v. 7) - x86_64\n\n3. Description:\n\nMozilla Firefox is an open-source web browser, designed for standards\ncompliance, performance, and portability. \n\nThis update upgrades Firefox to version 78.4.0 ESR. \n\nSecurity Fix(es):\n\n* Mozilla: Memory safety bugs fixed in Firefox 82 and Firefox ESR 78.4\n(CVE-2020-15683)\n\n* chromium-browser: Use after free in WebRTC (CVE-2020-15969)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Firefox must be restarted for the changes to\ntake effect. \n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1885885 - CVE-2020-15969 chromium-browser: Use after free in WebRTC\n1889932 - CVE-2020-15683 Mozilla: Memory safety bugs fixed in Firefox 82 and Firefox ESR 78.4\n\n6. Package List:\n\nRed Hat Enterprise Linux Client (v. 7):\n\nSource:\nfirefox-78.4.0-1.el7_9.src.rpm\n\nx86_64:\nfirefox-78.4.0-1.el7_9.x86_64.rpm\nfirefox-debuginfo-78.4.0-1.el7_9.x86_64.rpm\n\nRed Hat Enterprise Linux Client Optional (v. 7):\n\nx86_64:\nfirefox-78.4.0-1.el7_9.i686.rpm\n\nRed Hat Enterprise Linux Server (v. 7):\n\nSource:\nfirefox-78.4.0-1.el7_9.src.rpm\n\nppc64:\nfirefox-78.4.0-1.el7_9.ppc64.rpm\nfirefox-debuginfo-78.4.0-1.el7_9.ppc64.rpm\n\nppc64le:\nfirefox-78.4.0-1.el7_9.ppc64le.rpm\nfirefox-debuginfo-78.4.0-1.el7_9.ppc64le.rpm\n\ns390x:\nfirefox-78.4.0-1.el7_9.s390x.rpm\nfirefox-debuginfo-78.4.0-1.el7_9.s390x.rpm\n\nx86_64:\nfirefox-78.4.0-1.el7_9.x86_64.rpm\nfirefox-debuginfo-78.4.0-1.el7_9.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 7):\n\nx86_64:\nfirefox-78.4.0-1.el7_9.i686.rpm\n\nRed Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nfirefox-78.4.0-1.el7_9.src.rpm\n\nx86_64:\nfirefox-78.4.0-1.el7_9.x86_64.rpm\nfirefox-debuginfo-78.4.0-1.el7_9.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 7):\n\nx86_64:\nfirefox-78.4.0-1.el7_9.i686.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2020-15683\nhttps://access.redhat.com/security/cve/CVE-2020-15969\nhttps://access.redhat.com/security/updates/classification/#important\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2020 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBX5G+ntzjgjWX9erEAQhmDQ//dHDny/ImuLP8xvK4PtLEY7BRvrOS/vY2\nYkKEGdGOQa48sBw+5Y2tSqra5gKOqf5H3lcxj+sTG97hUStgrNAucZpTHaKm7vde\n/Eb3PIFWOqnNpcvDg6njU/q5ttA7YC0PHizRfH0Yix5EUAkKZnMWlcS8Lkm5FEM2\nWs+UfvgB/+Gx03I2MioDwnnHnnZLR+pmt7EYl7CnKLRMYsQVEkrlc2b7gCzPlijo\nUV91wcUoX4s9/v/i2afTY8CqhDs8MNHFnsVX+FTCyGbezamAxJ+YTKtDgKDiG+7v\nup2fIlMhf8eKnkEpyOebDDPo8vECJr311rXT0qg6/jkx9iogOyHskOcmTYIK5xzT\nR9gmF+gvsJsMeHzD6a6uh5BsLLS7rtIESWO91IS0FofOAv0lkkOqG1xlAq4zAKYc\n8NrzZ0omzrB9rRK2LeKp2oAP0xIoFQiTmicoBAvRijNPRSWT8SZY/IfOsSvrbfkG\nrGOY4nNaLVQUqXv7+BKa/LusfBhQkGgxcKO/uNX7xWGTEqH4ysx7/ELKmQ1LjZxw\nbgYhrYaSkSMAQ5r/Nf0qMHLLxvMUqmJmgkExE0rLwogxWVYZWVCiIwI0wncDCFEo\nmw8HZ58JlTWTv2owGc8I0fo+ln7Y5xmuXuyN6AldueladP0AdtdNyaw/GHquCytW\no2ukWK2zUE8=oczW\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-15969"
},
{
"db": "VULHUB",
"id": "VHN-169000"
},
{
"db": "PACKETSTORM",
"id": "168916"
},
{
"db": "PACKETSTORM",
"id": "168919"
},
{
"db": "PACKETSTORM",
"id": "159910"
},
{
"db": "PACKETSTORM",
"id": "160542"
},
{
"db": "PACKETSTORM",
"id": "161131"
},
{
"db": "PACKETSTORM",
"id": "159907"
},
{
"db": "PACKETSTORM",
"id": "159909"
},
{
"db": "PACKETSTORM",
"id": "159746"
},
{
"db": "PACKETSTORM",
"id": "159682"
}
],
"trust": 1.8
},
"external_ids": {
"_id": null,
"data": [
{
"db": "NVD",
"id": "CVE-2020-15969",
"trust": 2.1
},
{
"db": "PACKETSTORM",
"id": "159909",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "159910",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "161131",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "160542",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "159907",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "159746",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "159682",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "159893",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "159683",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "160538",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "160543",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "159679",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "159695",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "159906",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "160536",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "159587",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "159536",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "160540",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "159888",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "159686",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-169000",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "168970",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "168916",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "168919",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-169000"
},
{
"db": "PACKETSTORM",
"id": "168970"
},
{
"db": "PACKETSTORM",
"id": "168916"
},
{
"db": "PACKETSTORM",
"id": "168919"
},
{
"db": "PACKETSTORM",
"id": "159910"
},
{
"db": "PACKETSTORM",
"id": "160542"
},
{
"db": "PACKETSTORM",
"id": "161131"
},
{
"db": "PACKETSTORM",
"id": "159907"
},
{
"db": "PACKETSTORM",
"id": "159909"
},
{
"db": "PACKETSTORM",
"id": "159746"
},
{
"db": "PACKETSTORM",
"id": "159682"
},
{
"db": "NVD",
"id": "CVE-2020-15969"
}
]
},
"id": "VAR-202011-0444",
"iot": {
"_id": null,
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-169000"
}
],
"trust": 0.01
},
"last_update_date": "2026-04-10T23:11:53.950000Z",
"problemtype_data": {
"_id": null,
"data": [
{
"problemtype": "CWE-416",
"trust": 1.1
},
{
"problemtype": "CWE-787",
"trust": 1.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-169000"
},
{
"db": "NVD",
"id": "CVE-2020-15969"
}
]
},
"references": {
"_id": null,
"data": [
{
"trust": 1.2,
"url": "https://security.gentoo.org/glsa/202101-30"
},
{
"trust": 1.1,
"url": "https://support.apple.com/kb/ht212003"
},
{
"trust": 1.1,
"url": "https://support.apple.com/kb/ht212005"
},
{
"trust": 1.1,
"url": "https://support.apple.com/kb/ht212007"
},
{
"trust": 1.1,
"url": "https://support.apple.com/kb/ht212009"
},
{
"trust": 1.1,
"url": "https://support.apple.com/kb/ht212011"
},
{
"trust": 1.1,
"url": "https://www.debian.org/security/2021/dsa-4824"
},
{
"trust": 1.1,
"url": "http://seclists.org/fulldisclosure/2020/dec/24"
},
{
"trust": 1.1,
"url": "http://seclists.org/fulldisclosure/2020/dec/26"
},
{
"trust": 1.1,
"url": "http://seclists.org/fulldisclosure/2020/dec/27"
},
{
"trust": 1.1,
"url": "http://seclists.org/fulldisclosure/2020/dec/29"
},
{
"trust": 1.1,
"url": "http://seclists.org/fulldisclosure/2020/dec/30"
},
{
"trust": 1.1,
"url": "https://chromereleases.googleblog.com/2020/10/stable-channel-update-for-desktop.html"
},
{
"trust": 1.1,
"url": "https://crbug.com/1124659"
},
{
"trust": 1.1,
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00016.html"
},
{
"trust": 1.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-15969"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4gwcwnhttyoh6hsfuxpgpbb6j6jyzhze/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/24qfl4c3azkmfvl7lvsymu2dne5vvugs/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/sc3u3h6aisvzb5plzllnf4hmq4uffl7m/"
},
{
"trust": 0.7,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-15683"
},
{
"trust": 0.4,
"url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2020-15683"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2020-15969"
},
{
"trust": 0.4,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"trust": 0.3,
"url": "https://www.debian.org/security/faq"
},
{
"trust": 0.3,
"url": "https://www.debian.org/security/"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-15966"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-15968"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-15960"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-15959"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-15963"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-15962"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-15964"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-15965"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-15961"
},
{
"trust": 0.2,
"url": "https://security.gentoo.org/"
},
{
"trust": 0.2,
"url": "https://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.2,
"url": "https://bugs.gentoo.org."
},
{
"trust": 0.1,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4gwcwnhttyoh6hsfuxpgpbb6j6jyzhze/"
},
{
"trust": 0.1,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/sc3u3h6aisvzb5plzllnf4hmq4uffl7m/"
},
{
"trust": 0.1,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/24qfl4c3azkmfvl7lvsymu2dne5vvugs/"
},
{
"trust": 0.1,
"url": "https://security-tracker.debian.org/tracker/chromium"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-15970"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-15967"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-15971"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-8075"
},
{
"trust": 0.1,
"url": "https://security-tracker.debian.org/tracker/firefox-esr"
},
{
"trust": 0.1,
"url": "https://security-tracker.debian.org/tracker/thunderbird"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2020:4947"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-27948"
},
{
"trust": 0.1,
"url": "https://www.apple.com/support/security/pgp/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-27943"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-27946"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-29618"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-29617"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-29611"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-29619"
},
{
"trust": 0.1,
"url": "https://support.apple.com/ht212005."
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-27944"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-6472"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-6506"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-6467"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-6534"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-6545"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-6571"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-6514"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-6482"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-6532"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-6475"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-6540"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-6470"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-6511"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-6559"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-6471"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-15972"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-6576"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-15977"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-16002"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-6573"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-15978"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-6549"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-6487"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-6569"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-15992"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-6510"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-6551"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-6486"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-16001"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-6483"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-6490"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-15979"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-15989"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-16003"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-15987"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-6531"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-6476"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-6480"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-6524"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-15974"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-6548"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-6555"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-6535"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-6550"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-6562"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-15976"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-6543"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-6474"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-6533"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-6523"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-6575"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-6542"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-6489"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-6526"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-6518"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-6512"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-6481"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-6557"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-6513"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-6544"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-15985"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-6530"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-6473"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-6561"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-6570"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-6529"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-6541"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2020:4944"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2020:4945"
},
{
"trust": 0.1,
"url": "https://www.mozilla.org/en-us/security/advisories/mfsa2020-47/"
},
{
"trust": 0.1,
"url": "https://www.mozilla.org/en-us/security/advisories/mfsa2020-46/"
},
{
"trust": 0.1,
"url": "https://security.gentoo.org/glsa/202010-08"
},
{
"trust": 0.1,
"url": "https://www.mozilla.org/en-us/security/advisories/mfsa2020-45/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2020:4310"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-169000"
},
{
"db": "PACKETSTORM",
"id": "168970"
},
{
"db": "PACKETSTORM",
"id": "168916"
},
{
"db": "PACKETSTORM",
"id": "168919"
},
{
"db": "PACKETSTORM",
"id": "159910"
},
{
"db": "PACKETSTORM",
"id": "160542"
},
{
"db": "PACKETSTORM",
"id": "161131"
},
{
"db": "PACKETSTORM",
"id": "159907"
},
{
"db": "PACKETSTORM",
"id": "159909"
},
{
"db": "PACKETSTORM",
"id": "159746"
},
{
"db": "PACKETSTORM",
"id": "159682"
},
{
"db": "NVD",
"id": "CVE-2020-15969"
}
]
},
"sources": {
"_id": null,
"data": [
{
"db": "VULHUB",
"id": "VHN-169000",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "168970",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "168916",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "168919",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "159910",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "160542",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "161131",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "159907",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "159909",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "159746",
"ident": null
},
{
"db": "PACKETSTORM",
"id": "159682",
"ident": null
},
{
"db": "NVD",
"id": "CVE-2020-15969",
"ident": null
}
]
},
"sources_release_date": {
"_id": null,
"data": [
{
"date": "2020-11-03T00:00:00",
"db": "VULHUB",
"id": "VHN-169000",
"ident": null
},
{
"date": "2021-01-28T20:12:00",
"db": "PACKETSTORM",
"id": "168970",
"ident": null
},
{
"date": "2020-10-28T19:12:00",
"db": "PACKETSTORM",
"id": "168916",
"ident": null
},
{
"date": "2020-10-28T19:12:00",
"db": "PACKETSTORM",
"id": "168919",
"ident": null
},
{
"date": "2020-11-05T17:01:22",
"db": "PACKETSTORM",
"id": "159910",
"ident": null
},
{
"date": "2020-12-16T18:02:43",
"db": "PACKETSTORM",
"id": "160542",
"ident": null
},
{
"date": "2021-01-26T14:27:32",
"db": "PACKETSTORM",
"id": "161131",
"ident": null
},
{
"date": "2020-11-05T17:00:57",
"db": "PACKETSTORM",
"id": "159907",
"ident": null
},
{
"date": "2020-11-05T17:01:15",
"db": "PACKETSTORM",
"id": "159909",
"ident": null
},
{
"date": "2020-10-28T16:36:31",
"db": "PACKETSTORM",
"id": "159746",
"ident": null
},
{
"date": "2020-10-22T23:55:44",
"db": "PACKETSTORM",
"id": "159682",
"ident": null
},
{
"date": "2020-11-03T03:15:12.790000",
"db": "NVD",
"id": "CVE-2020-15969",
"ident": null
}
]
},
"sources_update_date": {
"_id": null,
"data": [
{
"date": "2021-07-21T00:00:00",
"db": "VULHUB",
"id": "VHN-169000",
"ident": null
},
{
"date": "2024-11-21T05:06:34.250000",
"db": "NVD",
"id": "CVE-2020-15969",
"ident": null
}
]
},
"title": {
"_id": null,
"data": "Debian Security Advisory 4824-1",
"sources": [
{
"db": "PACKETSTORM",
"id": "168970"
}
],
"trust": 0.1
},
"type": {
"_id": null,
"data": "arbitrary",
"sources": [
{
"db": "PACKETSTORM",
"id": "168916"
},
{
"db": "PACKETSTORM",
"id": "168919"
},
{
"db": "PACKETSTORM",
"id": "161131"
},
{
"db": "PACKETSTORM",
"id": "159746"
}
],
"trust": 0.4
}
}
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.