[ASA-202002-5] firefox: multiple issues
rgacogne at archlinux.org
Thu Feb 13 09:28:26 UTC 2020
Arch Linux Security Advisory ASA-202002-5
Date : 2020-02-11
CVE-ID : CVE-2020-6796 CVE-2020-6798 CVE-2020-6800 CVE-2020-6801
Package : firefox
Type : multiple issues
Remote : Yes
Link : https://security.archlinux.org/AVG-1096
The package firefox before version 73.0-1 is vulnerable to multiple
issues including arbitrary code execution and cross-site scripting.
Upgrade to 73.0-1.
# pacman -Syu "firefox>=73.0-1"
The problems have been fixed upstream in version 73.0.
- CVE-2020-6796 (arbitrary code execution)
A missing bounds check on shared memory read in the parent process has
been found in Firefox before 73.0. A content process could have
modified shared memory relating to crash reporting information, crash
itself, and cause an out-of-bound write. This could have caused memory
corruption and a potentially exploitable crash.
- CVE-2020-6798 (cross-site scripting)
in Firefox before 73.0 and Thunderbird before 68.5. If a <template> tag
was used in a <select%gt; tag, the parser could be confused and allow
that relied on the browser behaving correctly could suffer a cross-site
scripting vulnerability as a result.
In general, this flaw cannot be exploited through email in the
Thunderbird product because scripting is disabled when reading mail,
but is potentially a risk in browser or browser-like contexts.
- CVE-2020-6800 (arbitrary code execution)
Several memory safety bugs have been found in Firefox before 73.0 and
Thunderbird before 68.5. Some of these bugs showed evidence of memory
corruption and Mozilla presumes that with enough effort some of these
could have been exploited to run arbitrary code.
- CVE-2020-6801 (arbitrary code execution)
Several memory safety bugs have been found in Firefox before 73.0. Some
of these bugs showed evidence of memory corruption and Mozilla presumes
that with enough effort some of these could have been exploited to run
execute arbitrary code.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 833 bytes
Desc: OpenPGP digital signature
More information about the arch-security