[ASA-202012-25] firefox: multiple issues
Arch Linux Security Advisory ASA-202012-25
==========================================

Severity: High
Date    : 2020-12-16
CVE-ID  : CVE-2020-16042 CVE-2020-26971 CVE-2020-26972 CVE-2020-26973
          CVE-2020-26974 CVE-2020-26976 CVE-2020-26978 CVE-2020-26979
          CVE-2020-35111 CVE-2020-35113 CVE-2020-35114
Package : firefox
Type    : multiple issues
Remote  : Yes
Link    : https://security.archlinux.org/AVG-1362

Summary
=======

The package firefox before version 84.0-1 is vulnerable to multiple issues including arbitrary code execution, content spoofing and information disclosure.

Resolution
==========

Upgrade to 84.0-1.

# pacman -Syu "firefox>=84.0-1"

The problems have been fixed upstream in version 84.0.

Workaround
==========

None.

Description
===========

- CVE-2020-16042 (information disclosure)

An uninitialized use security issue has been found in the V8 component of the chromium browser before version 87.0.4280.88 and Firefox before 84.0.

- CVE-2020-26971 (arbitrary code execution)

A security issue was found in Firefox before 84.0 and Thunderbird before 78.6 where certain blit values provided by the user were not properly constrained, leading to a heap buffer overflow on some video drivers.

- CVE-2020-26972 (arbitrary code execution)

A security issue was found in Firefox before 84.0. The lifecycle of IPC Actors allows managed actors to outlive their manager actors; and the former must ensure that they are not attempting to use a dead actor they have a reference to. Such a check was omitted in WebGL, resulting in a use-after-free and a potentially exploitable crash.

- CVE-2020-26973 (content spoofing)

A security issue was found in Firefox before 84.0 and Thunderbird before 78.6 where certain input to the CSS Sanitizer confused it, resulting in incorrect components being removed. This could have been used as a sanitizer bypass.

- CVE-2020-26974 (arbitrary code execution)

A security issue was found in Firefox before 84.0 and Thunderbird before 78.6.
When flex-basis was used on a table wrapper, a StyleGenericFlexBasis object could have been incorrectly cast to the wrong type. This resulted in a heap use-after-free, memory corruption, and a potentially exploitable crash.

- CVE-2020-26976 (information disclosure)

A security issue was found in Firefox before 84.0. When an HTTPS page was embedded in an HTTP page, and there was a service worker registered for the former, the service worker could have intercepted the request for the secure page despite the iframe not being a secure context due to the (insecure) framing.

- CVE-2020-26978 (information disclosure)

A security issue was discovered in Firefox before 84.0 and Thunderbird before 78.6. Using techniques that built on the slipstream research, a malicious webpage could have exposed both an internal network's hosts as well as services running on the user's local machine.

- CVE-2020-26979 (content spoofing)

A security issue was discovered in Firefox before 84.0. When a user typed a URL in the address bar or the search bar and quickly hit the enter key, a website could sometimes capture that event and then redirect the user before navigation occurred to the desired, entered address. To construct a convincing spoof the attacker would have had to guess what the user was typing, perhaps by suggesting it.

- CVE-2020-35111 (information disclosure)

A security issue was discovered in Firefox before 84.0 and Thunderbird before 78.6. When an extension with the proxy permission registered to receive <all_urls>, the proxy.onRequest callback was not triggered for view-source URLs. While web content cannot navigate to such URLs, a user opening View Source could have inadvertently leaked their IP address.

- CVE-2020-35113 (arbitrary code execution)

Mozilla developer Christian Holler reported memory safety bugs present in Firefox 83, Firefox ESR 78.5 and Thunderbird 78.5.
Some of these bugs showed evidence of memory corruption and Mozilla presumes that with enough effort some of these could have been exploited to run arbitrary code.

- CVE-2020-35114 (arbitrary code execution)

Mozilla developers Christian Holler, Jan-Ivar Bruaroey, and Gabriele Svelto reported memory safety bugs present in Firefox 83. Some of these bugs showed evidence of memory corruption and Mozilla presumes that with enough effort some of these could have been exploited to run arbitrary code.

Impact
======

A remote attacker might be able to spoof content, access sensitive information or execute arbitrary code.

References
==========

https://www.mozilla.org/en-US/security/advisories/mfsa2020-54/
https://chromereleases.googleblog.com/2020/12/stable-channel-update-for-desk...
https://crbug.com/1151890
https://www.mozilla.org/en-US/security/advisories/mfsa2020-54/#CVE-2020-1604...
https://bugzilla.mozilla.org/show_bug.cgi?id=1679003
https://www.mozilla.org/en-US/security/advisories/mfsa2020-54/#CVE-2020-2697...
https://www.mozilla.org/en-US/security/advisories/mfsa2020-56/#CVE-2020-2697...
https://bugzilla.mozilla.org/show_bug.cgi?id=1663466
https://www.mozilla.org/en-US/security/advisories/mfsa2020-54/#CVE-2020-2697...
https://bugzilla.mozilla.org/show_bug.cgi?id=1671382
https://www.mozilla.org/en-US/security/advisories/mfsa2020-54/#CVE-2020-2697...
https://www.mozilla.org/en-US/security/advisories/mfsa2020-56/#CVE-2020-2697...
https://bugzilla.mozilla.org/show_bug.cgi?id=1680084
https://www.mozilla.org/en-US/security/advisories/mfsa2020-54/#CVE-2020-2697...
https://www.mozilla.org/en-US/security/advisories/mfsa2020-56/#CVE-2020-2697...
https://bugzilla.mozilla.org/show_bug.cgi?id=1681022
https://www.mozilla.org/en-US/security/advisories/mfsa2020-54/#CVE-2020-2697...
https://bugzilla.mozilla.org/show_bug.cgi?id=1674343
https://www.mozilla.org/en-US/security/advisories/mfsa2020-54/#CVE-2020-2697...
https://www.mozilla.org/en-US/security/advisories/mfsa2020-56/#CVE-2020-2697...
https://bugzilla.mozilla.org/show_bug.cgi?id=1677047
https://www.mozilla.org/en-US/security/advisories/mfsa2020-54/#CVE-2020-2697...
https://bugzilla.mozilla.org/buglist.cgi?bug_id=1641287%2C1673299
https://www.mozilla.org/en-US/security/advisories/mfsa2020-54/#CVE-2020-3511...
https://www.mozilla.org/en-US/security/advisories/mfsa2020-56/#CVE-2020-3511...
https://bugzilla.mozilla.org/show_bug.cgi?id=1657916
https://www.mozilla.org/en-US/security/advisories/mfsa2020-54/#CVE-2020-3511...
https://www.mozilla.org/en-US/security/advisories/mfsa2020-56/#CVE-2020-3511...
https://bugzilla.mozilla.org/buglist.cgi?bug_id=1664831%2C1673589
https://www.mozilla.org/en-US/security/advisories/mfsa2020-54/#CVE-2020-3511...
https://bugzilla.mozilla.org/buglist.cgi?bug_id=1607449%2C1640416%2C1656459%...
https://security.archlinux.org/CVE-2020-16042
https://security.archlinux.org/CVE-2020-26971
https://security.archlinux.org/CVE-2020-26972
https://security.archlinux.org/CVE-2020-26973
https://security.archlinux.org/CVE-2020-26974
https://security.archlinux.org/CVE-2020-26976
https://security.archlinux.org/CVE-2020-26978
https://security.archlinux.org/CVE-2020-26979
https://security.archlinux.org/CVE-2020-35111
https://security.archlinux.org/CVE-2020-35113
https://security.archlinux.org/CVE-2020-35114
participants (1)
-
Morten Linderud
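
A fleet check for the Resolution section above, as an added example that is not part of the advisory or of Arch's tooling: it reads "host package version" lines and lists the hosts whose firefox is still older than the fixed 84.0-1. The host names, the inventory format and the function names are assumptions made for illustration; the sample inventory is constructed.

```shell
#!/bin/sh
# Added example: flag firefox builds older than the fixed version in ASA-202012-25.
FIXED="84.0-1"   # fixed package version, taken from the advisory

# ver_lt A B: succeed when version A is strictly older than version B.
# pacman's own vercmp is authoritative and is used when present. GNU `sort -V`
# is an approximation (it does not understand epochs) used only so the check
# can also run on a non-Arch audit host.
ver_lt() {
    [ "$1" = "$2" ] && return 1
    if command -v vercmp >/dev/null 2>&1; then
        [ "$(vercmp "$1" "$2")" -lt 0 ]
    else
        [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$1" ]
    fi
}

# audit_firefox: read "host pkgname version" lines on stdin and print the
# hosts whose firefox package predates $FIXED. Other packages are ignored.
audit_firefox() {
    while read -r host pkg ver; do
        [ "$pkg" = "firefox" ] || continue
        if ver_lt "$ver" "$FIXED"; then
            printf '%s\n' "$host"
        fi
    done
}

# Constructed inventory: each line is a host name followed by one line of
# `pacman -Q` output collected from that host.
sample_inventory() {
    cat <<'EOF'
ws-01 firefox 83.0-2
ws-02 firefox 84.0-1
ws-03 thunderbird 78.5.1-1
ws-04 firefox 84.0.2-1
ws-05 firefox 82.0.3-1
EOF
}

sample_inventory | audit_firefox
```

On a single Arch host the same comparison is `vercmp "$(pacman -Q firefox | cut -d' ' -f2)" 84.0-1`, which prints a negative number while the package is still vulnerable.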