1 |
type: security |
2 |
subject: Updated firefox packages fix security vulnerabilities |
3 |
CVE: |
4 |
- CVE-2020-16042 |
5 |
- CVE-2020-26971 |
6 |
- CVE-2020-26973 |
7 |
- CVE-2020-26974 |
8 |
- CVE-2020-26978 |
9 |
- CVE-2020-35111 |
10 |
- CVE-2020-35113 |
11 |
src: |
12 |
7: |
13 |
core: |
14 |
- nss-3.60.0-1.mga7 |
15 |
- firefox-78.6.0-1.mga7 |
16 |
- firefox-l10n-78.6.0-1.mga7 |
17 |
description: | |
18 |
When a BigInt was right-shifted the backing store was not properly cleared, |
19 |
allowing uninitialized memory to be read (CVE-2020-16042). |
20 |
|
21 |
Certain blit values provided by the user were not properly constrained leading |
22 |
to a heap buffer overflow in WebGL on some video drivers (CVE-2020-26971). |
23 |
|
24 |
Certain input to the CSS Sanitizer confused it, resulting in incorrect |
25 |
components being removed. This could have been used as a sanitizer bypass |
26 |
(CVE-2020-26973). |
27 |
|
28 |
When flex-basis was used on a table wrapper, a StyleGenericFlexBasis object |
29 |
could have been incorrectly cast to the wrong type. This resulted in a heap |
30 |
user-after-free, memory corruption, and a potentially exploitable crash |
31 |
(CVE-2020-26974). |
32 |
|
33 |
Using techniques that built on the slipstream research, a malicious webpage |
34 |
could have exposed both an internal network's hosts as well as services running |
35 |
on the user's local machine (CVE-2020-26978). |
36 |
|
37 |
When an extension with the proxy permission registered to receive <all_urls>, |
38 |
the proxy.onRequest callback was not triggered for view-source URLs. While web |
39 |
content cannot navigate to such URLs, a user opening View Source could have |
40 |
inadvertently leaked their IP address (CVE-2020-35111). |
41 |
|
42 |
Mozilla developer Christian Holler reported memory safety bugs present in |
43 |
Firefox ESR 78.5. Some of these bugs showed evidence of memory corruption and |
44 |
we presume that with enough effort some of these could have been exploited to |
45 |
run arbitrary code (CVE-2020-35113). |
46 |
references: |
47 |
- https://bugs.mageia.org/show_bug.cgi?id=27825 |
48 |
- https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.60_release_notes |
49 |
- https://www.mozilla.org/en-US/security/advisories/mfsa2020-55/ |
50 |
- https://access.redhat.com/errata/RHSA-2020:5562 |
51 |
ID: MGASA-2020-0461 |