{ "document" : { "aggregate_severity" : { "text" : "mittel" }, "category" : "csaf_base", "csaf_version" : "2.0", "distribution" : { "tlp" : { "label" : "WHITE", "url" : "https://www.first.org/tlp/" } }, "lang" : "de-DE", "notes" : [ { "category" : "legal_disclaimer", "text" : "Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen." }, { "category" : "description", "text" : "Firefox ist ein Open Source Web Browser.", "title" : "Produktbeschreibung" }, { "category" : "summary", "text" : "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Mozilla Firefox und Thunderbird ausnutzen, um einen nicht näher spezifizierten Angriff durchzuführen.", "title" : "Angriff" }, { "category" : "general", "text" : "- Android\n- Linux\n- MacOS X\n- UNIX\n- Windows", "title" : "Betroffene Betriebssysteme" } ], "publisher" : { "category" : "other", "contact_details" : "csaf-provider@cert-bund.de", "name" : "Bundesamt für Sicherheit in der Informationstechnik", "namespace" : "https://www.bsi.bund.de" }, "references" : [ { "category" : "self", "summary" : "WID-SEC-W-2023-0457 - CSAF Version", "url" : "https://wid.cert-bund.de/.well-known/csaf/white/2020/wid-sec-w-2023-0457.json" }, { "category" : "self", "summary" : "WID-SEC-2023-0457 - Portal Version", "url" : "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-0457" }, { "category" : "external", "summary" : "Mozilla Firefox 78.0 Release Notes vom 2020-06-30", "url" : "https://www.mozilla.org/en-US/firefox/78.0/releasenotes/" }, { "category" : "external", "summary" : "Mozilla Security Advisory MFSA2020-26 vom 2020-07-02", "url" : "https://www.mozilla.org/en-US/security/advisories/mfsa2020-26/" }, { "category" : "external", "summary" : "Ubuntu Security Notice USN-4408-1 vom 2020-07-02", "url" : "https://ubuntu.com/security/notices/USN-4408-1" }, { "category" : "external", "summary" : "Ubuntu Security Notice USN-4408-1 vom 2020-07-02", "url" : "https://usn.ubuntu.com/4408-1/" }, { "category" : "external", "summary" : "Debian Security Advisory DSA-4718 vom 2020-07-06", "url" : "https://www.debian.org/security/2020/dsa-4718" }, { "category" : "external", "summary" : "Red Hat Security Advisory RHSA-2020:2826 vom 2020-07-06", "url" : "https://access.redhat.com/errata/RHSA-2020:2826" }, { "category" : "external", "summary" : "Red Hat Security Advisory RHSA-2020:2828 vom 2020-07-06", "url" : "https://access.redhat.com/errata/RHSA-2020:2828" }, { "category" : "external", "summary" : "Red Hat Security Advisory RHSA-2020:2827 vom 2020-07-06", "url" : "https://access.redhat.com/errata/RHSA-2020:2827" }, { "category" : "external", "summary" : "Red Hat Security Advisory RHSA-2020:2824 vom 2020-07-06", "url" : "https://access.redhat.com/errata/RHSA-2020:2824" }, { "category" : "external", "summary" : "Red Hat Security Advisory RHSA-2020:2825 vom 2020-07-06", "url" : "https://access.redhat.com/errata/RHSA-2020:2825" }, { "category" : "external", "summary" : "SUSE Security Update SUSE-SU-2020:14421-1 vom 2020-07-08", "url" : "http://lists.suse.com/pipermail/sle-security-updates/2020-July/007099.html" }, { "category" : "external", "summary" : "CentOS Security Advisory CESA-2020:2827 vom 2020-07-08", "url" : "http://centos-announce.2309468.n4.nabble.com/CentOS-announce-CESA-2020-2827-Important-CentOS-7-firefox-Security-Update-tp4645976.html" }, { "category" : "external", "summary" : "Ubuntu Security Notice USN-4421-1 vom 2020-07-08", "url" : "https://ubuntu.com/security/notices/USN-4421-1" }, { "category" : "external", "summary" : "CentOS Security Advisory CESA-2020:2824 vom 2020-07-08", "url" : "http://centos-announce.2309468.n4.nabble.com/CentOS-announce-CESA-2020-2824-Important-CentOS-6-firefox-Security-Update-tp4645978.html" }, { "category" : "external", "summary" : "SUSE Security Update SUSE-SU-2020:1899-1 vom 2020-07-13", "url" : "http://lists.suse.com/pipermail/sle-security-updates/2020-July/007121.html" }, { "category" : "external", "summary" : "SUSE Security Update SUSE-SU-2020:1900-1 vom 2020-07-13", "url" : "http://lists.suse.com/pipermail/sle-security-updates/2020-July/007122.html" }, { "category" : "external", "summary" : "SUSE Security Update SUSE-SU-2020:1898-1 vom 2020-07-13", "url" : "http://lists.suse.com/pipermail/sle-security-updates/2020-July/007123.html" }, { "category" : "external", "summary" : "Red Hat Security Advisory RHSA-2020:2907 vom 2020-07-14", "url" : "https://access.redhat.com/errata/RHSA-2020:2907" }, { "category" : "external", "summary" : "Red Hat Security Advisory RHSA-2020:2906 vom 2020-07-14", "url" : "https://access.redhat.com/errata/RHSA-2020:2906" }, { "category" : "external", "summary" : "Red Hat Security Advisory RHSA-2020:2966 vom 2020-07-16", "url" : "https://access.redhat.com/errata/RHSA-2020:2966" }, { "category" : "external", "summary" : "Mozilla Security Advisory MFSA2020-29 vom 2020-07-16", "url" : "https://www.mozilla.org/en-US/security/advisories/mfsa2020-29/" }, { "category" : "external", "summary" : "Debian Security Advisory DSA-4726 vom 2020-07-18", "url" : "https://www.debian.org/security/2020/dsa-4726" }, { "category" : "external", "summary" : "Red Hat Security Advisory RHSA-2020:3038 vom 2020-07-21", "url" : "https://access.redhat.com/errata/RHSA-2020:3038" }, { "category" : "external", "summary" : "Red Hat Security Advisory RHSA-2020:3046 vom 2020-07-21", "url" : "https://access.redhat.com/errata/RHSA-2020:3046" }, { "category" : "external", "summary" : "AVAYA Security Advisory ASA-2020-091 vom 2020-07-24", "url" : "https://downloads.avaya.com/css/P8/documents/101069609" }, { "category" : "external", "summary" : "Gentoo Security Advisory", "url" : "https://security.gentoo.org/glsa/202007-10" }, { "category" : "external", "summary" : "Debian Security Advisory", "url" : "https://security.gentoo.org/glsa/202007-09" }, { "category" : "external", "summary" : "Red Hat Security Advisory RHSA-2020:3280 vom 2020-08-03", "url" : "https://access.redhat.com/errata/RHSA-2020:3280" }, { "category" : "external", "summary" : "Red Hat Security Advisory RHSA-2020:3557 vom 2020-08-26", "url" : "https://access.redhat.com/errata/RHSA-2020:3557" }, { "category" : "external", "summary" : "Red Hat Security Advisory RHSA-2020:3555 vom 2020-08-26", "url" : "https://access.redhat.com/errata/RHSA-2020:3555" }, { "category" : "external", "summary" : "Red Hat Security Advisory RHSA-2020:3559 vom 2020-08-26", "url" : "https://access.redhat.com/errata/RHSA-2020:3559" }, { "category" : "external", "summary" : "Red Hat Security Advisory RHSA-2020:4080 vom 2020-09-30", "url" : "https://access.redhat.com/errata/RHSA-2020:4080" }, { "category" : "external", "summary" : "Red Hat Security Advisory RHSA-2020:4201 vom 2020-10-07", "url" : "https://access.redhat.com/errata/RHSA-2020:4201" }, { "category" : "external", "summary" : "Red Hat Security Advisory RHSA-2021:0949 vom 2021-03-22", "url" : "https://access.redhat.com/errata/RHSA-2021:0949" }, { "category" : "external", "summary" : "Amazon Linux Security Advisory ALAS-2021-1522 vom 2021-07-13", "url" : "https://alas.aws.amazon.com/ALAS-2021-1522.html" }, { "category" : "external", "summary" : "Amazon Linux Security Advisory ALAS-2023-1945 vom 2023-02-22", "url" : "https://alas.aws.amazon.com/AL2/ALAS-2023-1945.html" }, { "category" : "external", "summary" : "Amazon Linux Security Advisory ALAS-2025-2836 vom 2025-04-30", "url" : "https://alas.aws.amazon.com/AL2/ALAS-2025-2836.html" } ], "source_lang" : "en-US", "title" : "Mozilla Firefox/Thunderbird: Mehrere Schwachstellen", "tracking" : { "current_release_date" : "2025-05-01T22:00:00.000+00:00", "generator" : { "date" : "2025-05-02T08:13:17.239+00:00", "engine" : { "name" : "BSI-WID", "version" : "1.3.12" } }, "id" : "WID-SEC-W-2023-0457", "initial_release_date" : "2020-06-30T22:00:00.000+00:00", "revision_history" : [ { "date" : "2020-06-30T22:00:00.000+00:00", "number" : "1", "summary" : "Initiale Fassung" }, { "date" : "2020-07-02T22:00:00.000+00:00", "number" : "2", "summary" : "Neue Updates von Mozilla und Ubuntu aufgenommen" }, { "date" : "2020-07-05T22:00:00.000+00:00", "number" : "3", "summary" : "Neue Updates von Debian aufgenommen" }, { "date" : "2020-07-06T22:00:00.000+00:00", "number" : "4", "summary" : "Neue Updates von Red Hat aufgenommen" }, { "date" : "2020-07-08T22:00:00.000+00:00", "number" : "5", "summary" : "Neue Updates von SUSE, CentOS und Ubuntu aufgenommen" }, { "date" : "2020-07-13T22:00:00.000+00:00", "number" : "6", "summary" : "Neue Updates von SUSE aufgenommen" }, { "date" : "2020-07-14T22:00:00.000+00:00", "number" : "7", "summary" : "Neue Updates von Red Hat aufgenommen" }, { "date" : "2020-07-15T22:00:00.000+00:00", "number" : "8", "summary" : "Neue Updates von Red Hat aufgenommen" }, { "date" : "2020-07-16T22:00:00.000+00:00", "number" : "9", "summary" : "Neue Updates von Mozilla aufgenommen" }, { "date" : "2020-07-19T22:00:00.000+00:00", "number" : "10", "summary" : "Neue Updates von Debian aufgenommen" }, { "date" : "2020-07-21T22:00:00.000+00:00", "number" : "11", "summary" : "Neue Updates von Red Hat aufgenommen" }, { "date" : "2020-07-23T22:00:00.000+00:00", "number" : "12", "summary" : "Neue Updates von AVAYA aufgenommen" }, { "date" : "2020-07-26T22:00:00.000+00:00", "number" : "13", "summary" : "Neue Updates von GENTOO aufgenommen" }, { "date" : "2020-08-03T22:00:00.000+00:00", "number" : "14", "summary" : "Neue Updates von Red Hat aufgenommen" }, { "date" : "2020-08-25T22:00:00.000+00:00", "number" : "15", "summary" : "Neue Updates von Red Hat aufgenommen" }, { "date" : "2020-09-29T22:00:00.000+00:00", "number" : "16", "summary" : "Neue Updates von Red Hat aufgenommen" }, { "date" : "2020-10-06T22:00:00.000+00:00", "number" : "17", "summary" : "Neue Updates von Red Hat aufgenommen" }, { "date" : "2021-03-21T23:00:00.000+00:00", "number" : "18", "summary" : "Neue Updates von Red Hat aufgenommen" }, { "date" : "2021-07-12T22:00:00.000+00:00", "number" : "19", "summary" : "Neue Updates von Amazon aufgenommen" }, { "date" : "2023-02-22T23:00:00.000+00:00", "number" : "20", "summary" : "Neue Updates von Amazon aufgenommen" }, { "date" : "2025-05-01T22:00:00.000+00:00", "number" : "21", "summary" : "Neue Updates von Amazon aufgenommen" } ], "status" : "final", "version" : "21" } }, "product_tree" : { "branches" : [ { "branches" : [ { "category" : "product_name", "name" : "Amazon Linux 2", "product" : { "name" : "Amazon Linux 2", "product_id" : "398363", "product_identification_helper" : { "cpe" : "cpe:/o:amazon:linux_2:-" } } } ], "category" : "vendor", "name" : "Amazon" }, { "branches" : [ { "branches" : [ { "category" : "product_version_range", "name" : "<78", "product" : { "name" : "Avaya Aura Application Enablement Services <78", "product_id" : "T015516" } }, { "category" : "product_version", "name" : "78", "product" : { "name" : "Avaya Aura Application Enablement Services 78", "product_id" : "T015516-fixed", "product_identification_helper" : { "cpe" : "cpe:/a:avaya:aura_application_enablement_services:-" } } } ], "category" : "product_name", "name" : "Aura Application Enablement Services" }, { "branches" : [ { "category" : "product_version_range", "name" : "<78", "product" : { "name" : "Avaya Aura Experience Portal <78", "product_id" : "T015519" } }, { "category" : "product_version", "name" : "78", "product" : { "name" : "Avaya Aura Experience Portal 78", "product_id" : "T015519-fixed", "product_identification_helper" : { "cpe" : "cpe:/a:avaya:aura_experience_portal:-" } } } ], "category" : "product_name", "name" : "Aura Experience Portal" }, { "branches" : [ { "category" : "product_version_range", "name" : "<78", "product" : { "name" : "Avaya one-X <78", "product_id" : "1024" } }, { "category" : "product_version", "name" : "78", "product" : { "name" : "Avaya one-X 78", "product_id" : "1024-fixed", "product_identification_helper" : { "cpe" : "cpe:/a:avaya:one-x:-" } } } ], "category" : "product_name", "name" : "one-X" } ], "category" : "vendor", "name" : "Avaya" }, { "branches" : [ { "category" : "product_name", "name" : "Debian Linux", "product" : { "name" : "Debian Linux", "product_id" : "2951", "product_identification_helper" : { "cpe" : "cpe:/o:debian:debian_linux:-" } } } ], "category" : "vendor", "name" : "Debian" }, { "branches" : [ { "category" : "product_name", "name" : "Gentoo Linux", "product" : { "name" : "Gentoo Linux", "product_id" : "T012167", "product_identification_helper" : { "cpe" : "cpe:/o:gentoo:linux:-" } } } ], "category" : "vendor", "name" : "Gentoo" }, { "branches" : [ { "branches" : [ { "category" : "product_version_range", "name" : "for Android <68.10.0", "product" : { "name" : "Mozilla Firefox for Android <68.10.0", "product_id" : "7356" } }, { "category" : "product_version", "name" : "for Android 68.10.0", "product" : { "name" : "Mozilla Firefox for Android 68.10.0", "product_id" : "7356-fixed", "product_identification_helper" : { "cpe" : "cpe:/a:mozilla:firefox:-" } } }, { "category" : "product_version_range", "name" : "<78.0", "product" : { "name" : "Mozilla Firefox <78.0", "product_id" : "T016820" } }, { "category" : "product_version", "name" : "78", "product" : { "name" : "Mozilla Firefox 78.0", "product_id" : "T016820-fixed", "product_identification_helper" : { "cpe" : "cpe:/a:mozilla:firefox:78.0" } } } ], "category" : "product_name", "name" : "Firefox" }, { "branches" : [ { "category" : "product_version_range", "name" : "<68.10.0", "product" : { "name" : "Mozilla Thunderbird <68.10.0", "product_id" : "T016849" } }, { "category" : "product_version", "name" : "68.10.0", "product" : { "name" : "Mozilla Thunderbird 68.10.0", "product_id" : "T016849-fixed", "product_identification_helper" : { "cpe" : "cpe:/a:mozilla:thunderbird:68.10.0" } } }, { "category" : "product_version_range", "name" : "<78", "product" : { "name" : "Mozilla Thunderbird <78", "product_id" : "T016954" } }, { "category" : "product_version", "name" : "78", "product" : { "name" : "Mozilla Thunderbird 78", "product_id" : "T016954-fixed", "product_identification_helper" : { "cpe" : "cpe:/a:mozilla:thunderbird:78" } } } ], "category" : "product_name", "name" : "Thunderbird" } ], "category" : "vendor", "name" : "Mozilla" }, { "branches" : [ { "category" : "product_name", "name" : "Open Source CentOS", "product" : { "name" : "Open Source CentOS", "product_id" : "1727", "product_identification_helper" : { "cpe" : "cpe:/o:centos:centos:-" } } } ], "category" : "vendor", "name" : "Open Source" }, { "branches" : [ { "category" : "product_name", "name" : "Red Hat Enterprise Linux", "product" : { "name" : "Red Hat Enterprise Linux", "product_id" : "67646", "product_identification_helper" : { "cpe" : "cpe:/o:redhat:enterprise_linux:-" } } } ], "category" : "vendor", "name" : "Red Hat" }, { "branches" : [ { "category" : "product_name", "name" : "SUSE Linux", "product" : { "name" : "SUSE Linux", "product_id" : "T002207", "product_identification_helper" : { "cpe" : "cpe:/o:suse:suse_linux:-" } } } ], "category" : "vendor", "name" : "SUSE" }, { "branches" : [ { "category" : "product_name", "name" : "Ubuntu Linux", "product" : { "name" : "Ubuntu Linux", "product_id" : "T000126", "product_identification_helper" : { "cpe" : "cpe:/o:canonical:ubuntu_linux:-" } } } ], "category" : "vendor", "name" : "Ubuntu" } ] }, "vulnerabilities" : [ { "cve" : "CVE-2020-12402", "product_status" : { "known_affected" : [ "T015519", "T016849", "7356", "67646", "T015516", "T016954", "T016820", "T012167", "2951", "T002207", "T000126", "1024", "398363", "1727" ] }, "release_date" : "2020-06-30T22:00:00.000+00:00", "title" : "CVE-2020-12402" }, { "cve" : "CVE-2020-12415", "product_status" : { "known_affected" : [ "T015519", "T016849", "7356", "67646", "T015516", "T016954", "T016820", "T012167", "2951", "T002207", "T000126", "1024", "398363", "1727" ] }, "release_date" : "2020-06-30T22:00:00.000+00:00", "title" : "CVE-2020-12415" }, { "cve" : "CVE-2020-12416", "product_status" : { "known_affected" : [ "T015519", "T016849", "7356", "67646", "T015516", "T016954", "T016820", "T012167", "2951", "T002207", "T000126", "1024", "398363", "1727" ] }, "release_date" : "2020-06-30T22:00:00.000+00:00", "title" : "CVE-2020-12416" }, { "cve" : "CVE-2020-12417", "product_status" : { "known_affected" : [ "T015519", "T016849", "7356", "67646", "T015516", "T016954", "T016820", "T012167", "2951", "T002207", "T000126", "1024", "398363", "1727" ] }, "release_date" : "2020-06-30T22:00:00.000+00:00", "title" : "CVE-2020-12417" }, { "cve" : "CVE-2020-12418", "product_status" : { "known_affected" : [ "T015519", "T016849", "7356", "67646", "T015516", "T016954", "T016820", "T012167", "2951", "T002207", "T000126", "1024", "398363", "1727" ] }, "release_date" : "2020-06-30T22:00:00.000+00:00", "title" : "CVE-2020-12418" }, { "cve" : "CVE-2020-12419", "product_status" : { "known_affected" : [ "T015519", "T016849", "7356", "67646", "T015516", "T016954", "T016820", "T012167", "2951", "T002207", "T000126", "1024", "398363", "1727" ] }, "release_date" : "2020-06-30T22:00:00.000+00:00", "title" : "CVE-2020-12419" }, { "cve" : "CVE-2020-12420", "product_status" : { "known_affected" : [ "T015519", "T016849", "7356", "67646", "T015516", "T016954", "T016820", "T012167", "2951", "T002207", "T000126", "1024", "398363", "1727" ] }, "release_date" : "2020-06-30T22:00:00.000+00:00", "title" : "CVE-2020-12420" }, { "cve" : "CVE-2020-12421", "product_status" : { "known_affected" : [ "T015519", "T016849", "7356", "67646", "T015516", "T016954", "T016820", "T012167", "2951", "T002207", "T000126", "1024", "398363", "1727" ] }, "release_date" : "2020-06-30T22:00:00.000+00:00", "title" : "CVE-2020-12421" }, { "cve" : "CVE-2020-12422", "product_status" : { "known_affected" : [ "T015519", "T016849", "7356", "67646", "T015516", "T016954", "T016820", "T012167", "2951", "T002207", "T000126", "1024", "398363", "1727" ] }, "release_date" : "2020-06-30T22:00:00.000+00:00", "title" : "CVE-2020-12422" }, { "cve" : "CVE-2020-12423", "product_status" : { "known_affected" : [ "T015519", "T016849", "7356", "67646", "T015516", "T016954", "T016820", "T012167", "2951", "T002207", "T000126", "1024", "398363", "1727" ] }, "release_date" : "2020-06-30T22:00:00.000+00:00", "title" : "CVE-2020-12423" }, { "cve" : "CVE-2020-12424", "product_status" : { "known_affected" : [ "T015519", "T016849", "7356", "67646", "T015516", "T016954", "T016820", "T012167", "2951", "T002207", "T000126", "1024", "398363", "1727" ] }, "release_date" : "2020-06-30T22:00:00.000+00:00", "title" : "CVE-2020-12424" }, { "cve" : "CVE-2020-12425", "product_status" : { "known_affected" : [ "T015519", "T016849", "7356", "67646", "T015516", "T016954", "T016820", "T012167", "2951", "T002207", "T000126", "1024", "398363", "1727" ] }, "release_date" : "2020-06-30T22:00:00.000+00:00", "title" : "CVE-2020-12425" }, { "cve" : "CVE-2020-12426", "product_status" : { "known_affected" : [ "T015519", "T016849", "7356", "67646", "T015516", "T016954", "T016820", "T012167", "2951", "T002207", "T000126", "1024", "398363", "1727" ] }, "release_date" : "2020-06-30T22:00:00.000+00:00", "title" : "CVE-2020-12426" }, { "cve" : "CVE-2020-15648", "product_status" : { "known_affected" : [ "T015519", "T016849", "7356", "67646", "T015516", "T016954", "T016820", "T012167", "2951", "T002207", "T000126", "1024", "398363", "1727" ] }, "release_date" : "2020-06-30T22:00:00.000+00:00", "title" : "CVE-2020-15648" } ] }