advisories/27825.adv

type: security
subject: Updated firefox packages fix security vulnerabilities
CVE:
 - CVE-2020-16042
 - CVE-2020-26971
 - CVE-2020-26973
 - CVE-2020-26974
 - CVE-2020-26978
 - CVE-2020-35111
 - CVE-2020-35113
src:
  7:
   core:
     - nss-3.60.0-1.mga7
     - firefox-78.6.0-1.mga7
     - firefox-l10n-78.6.0-1.mga7
description: |
  When a BigInt was right-shifted the backing store was not properly cleared,
  allowing uninitialized memory to be read (CVE-2020-16042).
  
  Certain blit values provided by the user were not properly constrained leading
  to a heap buffer overflow in WebGL on some video drivers (CVE-2020-26971).
  
  Certain input to the CSS Sanitizer confused it, resulting in incorrect
  components being removed. This could have been used as a sanitizer bypass
  (CVE-2020-26973).
  
  When flex-basis was used on a table wrapper, a StyleGenericFlexBasis object
  could have been incorrectly cast to the wrong type. This resulted in a heap
  user-after-free, memory corruption, and a potentially exploitable crash
  (CVE-2020-26974).
  
  Using techniques that built on the slipstream research, a malicious webpage
  could have exposed both an internal network's hosts as well as services running
  on the user's local machine (CVE-2020-26978).
  
  When an extension with the proxy permission registered to receive <all_urls>,
  the proxy.onRequest callback was not triggered for view-source URLs. While web
  content cannot navigate to such URLs, a user opening View Source could have
  inadvertently leaked their IP address (CVE-2020-35111).
  
  Mozilla developer Christian Holler reported memory safety bugs present in
  Firefox ESR 78.5. Some of these bugs showed evidence of memory corruption and
  we presume that with enough effort some of these could have been exploited to
  run arbitrary code (CVE-2020-35113).
references:
 - https://bugs.mageia.org/show_bug.cgi?id=27825
 - https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.60_release_notes
 - https://www.mozilla.org/en-US/security/advisories/mfsa2020-55/
 - https://access.redhat.com/errata/RHSA-2020:5562
ID: MGASA-2020-0461
1	type: security
2	subject: Updated firefox packages fix security vulnerabilities
3	CVE:
4	- CVE-2020-16042
5	- CVE-2020-26971
6	- CVE-2020-26973
7	- CVE-2020-26974
8	- CVE-2020-26978
9	- CVE-2020-35111
10	- CVE-2020-35113
11	src:
12	7:
13	core:
14	- nss-3.60.0-1.mga7
15	- firefox-78.6.0-1.mga7
16	- firefox-l10n-78.6.0-1.mga7
17	description: \|
18	When a BigInt was right-shifted the backing store was not properly cleared,
19	allowing uninitialized memory to be read (CVE-2020-16042).
20
21	Certain blit values provided by the user were not properly constrained leading
22	to a heap buffer overflow in WebGL on some video drivers (CVE-2020-26971).
23
24	Certain input to the CSS Sanitizer confused it, resulting in incorrect
25	components being removed. This could have been used as a sanitizer bypass
26	(CVE-2020-26973).
27
28	When flex-basis was used on a table wrapper, a StyleGenericFlexBasis object
29	could have been incorrectly cast to the wrong type. This resulted in a heap
30	user-after-free, memory corruption, and a potentially exploitable crash
31	(CVE-2020-26974).
32
33	Using techniques that built on the slipstream research, a malicious webpage
34	could have exposed both an internal network's hosts as well as services running
35	on the user's local machine (CVE-2020-26978).
36
37	When an extension with the proxy permission registered to receive <all_urls>,
38	the proxy.onRequest callback was not triggered for view-source URLs. While web
39	content cannot navigate to such URLs, a user opening View Source could have
40	inadvertently leaked their IP address (CVE-2020-35111).
41
42	Mozilla developer Christian Holler reported memory safety bugs present in
43	Firefox ESR 78.5. Some of these bugs showed evidence of memory corruption and
44	we presume that with enough effort some of these could have been exploited to
45	run arbitrary code (CVE-2020-35113).
46	references:
47	- https://bugs.mageia.org/show_bug.cgi?id=27825
48	- https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.60_release_notes
49	- https://www.mozilla.org/en-US/security/advisories/mfsa2020-55/
50	- https://access.redhat.com/errata/RHSA-2020:5562
51	ID: MGASA-2020-0461