[SECURITY] [DLA 2170-1] firefox-esr security update

2020-04-0811:36:20

lists.debian.org

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.003 Low

EPSS

Percentile

69.6%

JSON

Package : firefox-esr
Version : 68.7.0esr-1~deb8u1
CVE ID : CVE-2020-6819 CVE-2020-6820 CVE-2020-6821 CVE-2020-6822
CVE-2020-6825

Multiple security issues have been found in the Mozilla Firefox web
browser, which could potentially result in the execution of arbitrary
code.

For Debian 8 "Jessie", these problems have been fixed in version
68.7.0esr-1~deb8u1.

We recommend that you upgrade your firefox-esr packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

OSVersionArchitecturePackageVersionFilename
Debian8allfirefox-esr-l10n-xh< 68.7.0esr-1~deb8u1firefox-esr-l10n-xh_68.7.0esr-1~deb8u1_all.deb
Debian8allthunderbird-l10n-nb-no< 1:68.7.0-1~deb8u1thunderbird-l10n-nb-no_1:68.7.0-1~deb8u1_all.deb
Debian8allicedove-l10n-sv-se< 1:68.7.0-1~deb8u1icedove-l10n-sv-se_1:68.7.0-1~deb8u1_all.deb
Debian10allfirefox-esr-l10n-sk< 68.7.0esr-1~deb10u1firefox-esr-l10n-sk_68.7.0esr-1~deb10u1_all.deb
Debian9alliceweasel-l10n-ru< 1:68.7.0esr-1~deb9u1iceweasel-l10n-ru_1:68.7.0esr-1~deb9u1_all.deb
Debian9allfirefox-esr-l10n-es-cl< 68.7.0esr-1~deb9u1firefox-esr-l10n-es-cl_68.7.0esr-1~deb9u1_all.deb
Debian9allicedove-l10n-bg< 1:68.7.0-1~deb9u1icedove-l10n-bg_1:68.7.0-1~deb9u1_all.deb
Debian9alliceowl-l10n-br< 1:68.7.0-1~deb9u1iceowl-l10n-br_1:68.7.0-1~deb9u1_all.deb
Debian10allfirefox-esr-l10n-ro< 68.7.0esr-1~deb10u1firefox-esr-l10n-ro_68.7.0esr-1~deb10u1_all.deb
Debian9alllightning-l10n-ga-ie< 1:68.7.0-1~deb9u1lightning-l10n-ga-ie_1:68.7.0-1~deb9u1_all.deb

OS	Version	Architecture	Package	Version	Filename
Debian	8	all	firefox-esr-l10n-xh	< 68.7.0esr-1~deb8u1	firefox-esr-l10n-xh_68.7.0esr-1~deb8u1_all.deb
Debian	8	all	thunderbird-l10n-nb-no	< 1:68.7.0-1~deb8u1	thunderbird-l10n-nb-no_1:68.7.0-1~deb8u1_all.deb
Debian	8	all	icedove-l10n-sv-se	< 1:68.7.0-1~deb8u1	icedove-l10n-sv-se_1:68.7.0-1~deb8u1_all.deb
Debian	10	all	firefox-esr-l10n-sk	< 68.7.0esr-1~deb10u1	firefox-esr-l10n-sk_68.7.0esr-1~deb10u1_all.deb
Debian	9	all	iceweasel-l10n-ru	< 1:68.7.0esr-1~deb9u1	iceweasel-l10n-ru_1:68.7.0esr-1~deb9u1_all.deb
Debian	9	all	firefox-esr-l10n-es-cl	< 68.7.0esr-1~deb9u1	firefox-esr-l10n-es-cl_68.7.0esr-1~deb9u1_all.deb
Debian	9	all	icedove-l10n-bg	< 1:68.7.0-1~deb9u1	icedove-l10n-bg_1:68.7.0-1~deb9u1_all.deb
Debian	9	all	iceowl-l10n-br	< 1:68.7.0-1~deb9u1	iceowl-l10n-br_1:68.7.0-1~deb9u1_all.deb
Debian	10	all	firefox-esr-l10n-ro	< 68.7.0esr-1~deb10u1	firefox-esr-l10n-ro_68.7.0esr-1~deb10u1_all.deb
Debian	9	all	lightning-l10n-ga-ie	< 1:68.7.0-1~deb9u1	lightning-l10n-ga-ie_1:68.7.0-1~deb9u1_all.deb