[ASA-202002-5] firefox: multiple issues
Arch Linux Security Advisory ASA-202002-5 ========================================= Severity: Critical Date : 2020-02-11 CVE-ID : CVE-2020-6796 CVE-2020-6798 CVE-2020-6800 CVE-2020-6801 Package : firefox Type : multiple issues Remote : Yes Link : https://security.archlinux.org/AVG-1096 Summary ======= The package firefox before version 73.0-1 is vulnerable to multiple issues including arbitrary code execution and cross-site scripting. Resolution ========== Upgrade to 73.0-1. # pacman -Syu "firefox>=73.0-1" The problems have been fixed upstream in version 73.0. Workaround ========== None. Description =========== - CVE-2020-6796 (arbitrary code execution) A missing bounds check on shared memory read in the parent process has been found in Firefox before 73.0. A content process could have modified shared memory relating to crash reporting information, crash itself, and cause an out-of-bound write. This could have caused memory corruption and a potentially exploitable crash. - CVE-2020-6798 (cross-site scripting) An incorrect parsing of template could result in Javascript injection in Firefox before 73.0 and Thunderbird before 68.5. If a <template> tag was used in a <select%gt; tag, the parser could be confused and allow JavaScript parsing and execution when it should not be allowed. A site that relied on the browser behaving correctly could suffer a cross-site scripting vulnerability as a result. In general, this flaw cannot be exploited through email in the Thunderbird product because scripting is disabled when reading mail, but is potentially a risk in browser or browser-like contexts. - CVE-2020-6800 (arbitrary code execution) Several memory safety bugs have been found in Firefox before 73.0 and Thunderbird before 68.5. Some of these bugs showed evidence of memory corruption and Mozilla presumes that with enough effort some of these could have been exploited to run arbitrary code. - CVE-2020-6801 (arbitrary code execution) Several memory safety bugs have been found in Firefox before 73.0. Some of these bugs showed evidence of memory corruption and Mozilla presumes that with enough effort some of these could have been exploited to run arbitrary code. Impact ====== A remote attacker can inject javascript on a vulnerable site, and execute arbitrary code. References ========== https://www.mozilla.org/en-US/security/advisories/mfsa2020-05 https://www.mozilla.org/en-US/security/advisories/mfsa2020-05/#CVE-2020-6796 https://bugzilla.mozilla.org/show_bug.cgi?id=1610426 https://www.mozilla.org/en-US/security/advisories/mfsa2020-05/#CVE-2020-6798 https://www.mozilla.org/en-US/security/advisories/mfsa2020-07/#CVE-2020-6798 https://bugzilla.mozilla.org/show_bug.cgi?id=1602944 https://www.mozilla.org/en-US/security/advisories/mfsa2020-05/#CVE-2020-6800 https://www.mozilla.org/en-US/security/advisories/mfsa2020-07/#CVE-2020-6800 https://bugzilla.mozilla.org/buglist.cgi?bug_id=1595786%2C1596706%2C1598543%... https://www.mozilla.org/en-US/security/advisories/mfsa2020-05/#CVE-2020-6801 https://bugzilla.mozilla.org/buglist.cgi?bug_id=1601024%2C1601712%2C1604836%... https://security.archlinux.org/CVE-2020-6796 https://security.archlinux.org/CVE-2020-6798 https://security.archlinux.org/CVE-2020-6800 https://security.archlinux.org/CVE-2020-6801
participants (1)
-
Remi Gacogne