Linux Security

    ArchLinux: 202004-6: firefox: arbitrary code execution

    The package firefox before version 74.0.1-1 is vulnerable to arbitrary code execution.
    Arch Linux Security Advisory ASA-202004-6
    =========================================
    
    Severity: Critical
    Date    : 2020-04-04
    CVE-ID  : CVE-2020-6819 CVE-2020-6820
    Package : firefox
    Type    : arbitrary code execution
    Remote  : Yes
    Link    : https://security.archlinux.org/AVG-1125
    
    Summary
    =======
    
    The package firefox before version 74.0.1-1 is vulnerable to arbitrary
    code execution.
    
    Resolution
    ==========
    
    Upgrade to 74.0.1-1.
    
    # pacman -Syu "firefox>=74.0.1-1"
    
    The problems have been fixed upstream in version 74.0.1.
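
A way to confirm that a host carries the fixed package, as an added example that is not part of the Arch advisory. The function names are hypothetical, and the awk fallback assumes purely numeric pkgver-pkgrel strings with no epoch; pacman's own `vercmp` is used when it is present.

```shell
#!/bin/sh
# Added example, not part of ASA-202004-6.
FIXED_VERSION="74.0.1-1"   # fixed package version named in the advisory

# ver_ge A B: succeed when package version A is >= B.
# Prefers pacman's vercmp; the awk fallback is a simplification that assumes
# purely numeric pkgver-pkgrel strings with no epoch, as in this advisory.
ver_ge() {
    if command -v vercmp >/dev/null 2>&1; then
        [ "$(vercmp "$1" "$2")" -ge 0 ]
        return
    fi
    awk -v a="$1" -v b="$2" '
        function cmp(p, q,   n, m, i, x, y, u, v) {
            n = split(p, x, /\./); m = split(q, y, /\./)
            for (i = 1; i <= n || i <= m; i++) {
                u = (i <= n) ? x[i] + 0 : -1   # a missing field sorts lowest
                v = (i <= m) ? y[i] + 0 : -1
                if (u != v) return (u > v) ? 1 : -1
            }
            return 0
        }
        BEGIN {
            split(a, A, "-"); split(b, B, "-")
            c = cmp(A[1], B[1])                 # compare pkgver first
            if (c == 0) c = cmp(A[2], B[2])     # then pkgrel
            exit (c < 0)
        }'
}

# firefox_status [LINE]: LINE is one line of `pacman -Q firefox` output
# ("firefox <version>"); without an argument the local database is queried.
# Prints patched, vulnerable or not-installed.
firefox_status() {
    line="${1:-$(pacman -Q firefox 2>/dev/null || true)}"
    case "$line" in
        "firefox "*) version="${line#firefox }" ;;
        *) echo "not-installed"; return 0 ;;
    esac
    if ver_ge "$version" "$FIXED_VERSION"; then
        echo "patched"
    else
        echo "vulnerable"
    fi
}

firefox_status   # report the state of the local host
```

Passing a collected line, for example `firefox_status "firefox 74.0-2"` (a constructed version string), lets the same check run over `pacman -Q firefox` output gathered from other hosts.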
    
    Workaround
    ==========
    
    None.
    
    Description
    ===========
    
    - CVE-2020-6819 (arbitrary code execution)
    
    A use-after-free vulnerability has been found in Firefox before 74.0.1
    where, under certain conditions, when running the nsDocShell destructor,
    a race condition can cause a use-after-free. Mozilla is aware of
    targeted attacks in the wild abusing this flaw.
    
    - CVE-2020-6820 (arbitrary code execution)
    
    A use-after-free vulnerability has been found in Firefox before 74.0.1
    where, under certain conditions, when handling a ReadableStream, a race
    condition can cause a use-after-free. Mozilla is aware of targeted
    attacks in the wild abusing this flaw.
    
    Impact
    ======
    
    A remote attacker can execute arbitrary code on the affected host.
    
    References
    ==========
    
    https://www.mozilla.org/en-US/security/advisories/mfsa2020-11/
    https://www.mozilla.org/en-US/security/advisories/mfsa2020-11/#CVE-2020-6819
    https://bugzilla.mozilla.org/show_bug.cgi?id=1620818
    https://www.mozilla.org/en-US/security/advisories/mfsa2020-11/#CVE-2020-6820
    https://bugzilla.mozilla.org/show_bug.cgi?id=1626728
    https://security.archlinux.org/CVE-2020-6819
    https://security.archlinux.org/CVE-2020-6820
    
    
