ArchLinux: 202004-8: firefox: multiple issues

    Date 10 Apr 2020
    Posted By LinuxSecurity Advisories
    The package firefox before version 75.0-1 is vulnerable to multiple issues including arbitrary code execution, information disclosure and access restriction bypass.
    Arch Linux Security Advisory ASA-202004-8
    =========================================
    
    Severity: Critical
    Date    : 2020-04-08
    CVE-ID  : CVE-2020-6821 CVE-2020-6823 CVE-2020-6824 CVE-2020-6825
              CVE-2020-6826
    Package : firefox
    Type    : multiple issues
    Remote  : Yes
    Link    : https://security.archlinux.org/AVG-1127
    
    Summary
    =======
    
    The package firefox before version 75.0-1 is vulnerable to multiple
    issues including arbitrary code execution, information disclosure and
    access restriction bypass.
    
    Resolution
    ==========
    
    Upgrade to 75.0-1.
    
    # pacman -Syu "firefox>=75.0-1"
    
    The problems have been fixed upstream in version 75.0.
    
    Workaround
    ==========
    
    None.
    
    Description
    ===========
    
    - CVE-2020-6821 (information disclosure)
    
    An information disclosure issue has been found in Firefox before 75.0.
    When reading from areas partially or fully outside the source resource
    with WebGL's copyTexSubImage method, the specification requires the
    returned values be zero. Previously, this memory was uninitialized,
    leading to potentially sensitive data disclosure.
    
    - CVE-2020-6823 (access restriction bypass)
    
    A security issue has been found in Firefox before 75.0, where a
    malicious extension could have called
    browser.identity.launchWebAuthFlow, controlling the redirect_uri, and
    through the Promise returned, obtain the Auth code and gain access to
    the user's account at the service provider.
    
    - CVE-2020-6824 (information disclosure)
    
    A security issue has been found in Firefox before 75.0, where generated
    passwords may be identical on the same site between separate private
    browsing sessions. Initially, a user opens a Private Browsing Window
    and generates a password for a site, then closes the Private Browsing
    Window but leaves Firefox open. Subsequently, if the user had opened a
    new Private Browsing Window, revisited the same site, and generated a
    new password - the generated passwords would have been identical,
    rather than independent.
    
    - CVE-2020-6825 (arbitrary code execution)
    
    Several memory safety issues have been found in Firefox before 75.0.
    Some of these bugs showed evidence of memory corruption and Mozilla
    presumes that with enough effort some of these could have been
    exploited to run arbitrary code.
    
    - CVE-2020-6826 (arbitrary code execution)
    
    Several memory safety issues have been found in Firefox before 75.0.
    Some of these bugs showed evidence of memory corruption and Mozilla
    presumes that with enough effort some of these could have been
    exploited to run arbitrary code.
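
The zero-fill rule described under CVE-2020-6821, as an added C example that is not Mozilla's or Arch Linux's code. It is a simplified model with one byte per texel; `Image`, `copy_sub_image` and `window_byte` are hypothetical names, and the 0xAA fill stands in for stale heap contents.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed model: one byte per texel, rows tightly packed. */
typedef struct { int w, h; const uint8_t *px; } Image;

/* Copy the cw x ch window with top-left (sx, sy) from src into dst
 * (cw*ch bytes). Texels outside src are written as 0, never left as-is.
 * Returns the number of texels taken from src, or -1 on bad arguments. */
long long copy_sub_image(const Image *src, int sx, int sy,
                         int cw, int ch, uint8_t *dst)
{
    if (!src || !src->px || !dst || cw < 0 || ch < 0) return -1;
    /* Define every destination byte first; skipping this is the bug class. */
    memset(dst, 0, (size_t)cw * (size_t)ch);
    /* Intersect the window with the source, in 64 bits to avoid overflow. */
    long long x0 = sx < 0 ? 0 : sx, y0 = sy < 0 ? 0 : sy;
    long long x1 = (long long)sx + cw, y1 = (long long)sy + ch;
    if (x1 > src->w) x1 = src->w;
    if (y1 > src->h) y1 = src->h;
    if (x0 >= x1 || y0 >= y1) return 0;          /* window fully outside */
    for (long long y = y0; y < y1; y++)
        memcpy(dst + (size_t)(y - sy) * (size_t)cw + (size_t)(x0 - sx),
               src->px + (size_t)y * (size_t)src->w + (size_t)x0,
               (size_t)(x1 - x0));
    return (x1 - x0) * (y1 - y0);
}

/* Copy a 4x4 window at (sx, sy) out of a constructed 4x4 source (values
 * 1..16) into a buffer pre-filled with 0xAA, standing in for stale heap
 * contents, and return destination byte idx. */
int window_byte(int sx, int sy, int idx)
{
    uint8_t pixels[16], dst[16];
    for (int i = 0; i < 16; i++) pixels[i] = (uint8_t)(i + 1);
    memset(dst, 0xAA, sizeof dst);
    Image src = { 4, 4, pixels };
    copy_sub_image(&src, sx, sy, 4, 4, dst);
    return dst[idx];
}

int main(void)
{
    printf("inside: %d, outside: %d\n", window_byte(2, 2, 0), window_byte(2, 2, 2));
    return 0;
}
```

Without the initial `memset`, every destination byte outside the intersection would keep the 0xAA filler, which is the disclosure the advisory describes.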
    
    Impact
    ======
    
    A remote attacker might be able to access sensitive information, bypass
    security restrictions or execute arbitrary code.
    
    References
    ==========
    
    https://www.mozilla.org/en-US/security/advisories/mfsa2020-12/
    https://www.mozilla.org/en-US/security/advisories/mfsa2020-12/#CVE-2020-6821
    https://bugzilla.mozilla.org/show_bug.cgi?id=1625404
    https://www.mozilla.org/en-US/security/advisories/mfsa2020-12/#CVE-2020-6823
    https://bugzilla.mozilla.org/show_bug.cgi?id=1614919
    https://www.mozilla.org/en-US/security/advisories/mfsa2020-12/#CVE-2020-6824
    https://bugzilla.mozilla.org/show_bug.cgi?id=1621853
    https://www.mozilla.org/en-US/security/advisories/mfsa2020-12/#CVE-2020-6825
    https://bugzilla.mozilla.org/buglist.cgi?bug_id=1572541%2C1620193%2C1620203
    https://www.mozilla.org/en-US/security/advisories/mfsa2020-12/#CVE-2020-6826
    https://bugzilla.mozilla.org/buglist.cgi?bug_id=1613009%2C1613195%2C1616734%2C1617488%2C1619229%2C1620719%2C1624897
    https://security.archlinux.org/CVE-2020-6821
    https://security.archlinux.org/CVE-2020-6823
    https://security.archlinux.org/CVE-2020-6824
    https://security.archlinux.org/CVE-2020-6825
    https://security.archlinux.org/CVE-2020-6826
    
    
