Linux Security

    ArchLinux: 202011-12: firefox: multiple issues

    Date 18 Nov 2020
    Posted By LinuxSecurity Advisories
    Arch Linux Security Advisory ASA-202011-12
    ==========================================
    
    Severity: Critical
    Date    : 2020-11-17
    CVE-ID  : CVE-2020-15999 CVE-2020-16012 CVE-2020-26951 CVE-2020-26952
              CVE-2020-26953 CVE-2020-26956 CVE-2020-26958 CVE-2020-26959
              CVE-2020-26960 CVE-2020-26961 CVE-2020-26962 CVE-2020-26963
              CVE-2020-26965 CVE-2020-26967 CVE-2020-26968 CVE-2020-26969
    Package : firefox
    Type    : multiple issues
    Remote  : Yes
    Link    : https://security.archlinux.org/AVG-1279
    
    Summary
    =======
    
    The package firefox before version 83.0-1 is vulnerable to multiple
    issues including arbitrary code execution, access restriction bypass,
    content spoofing, cross-site scripting, information disclosure,
    insufficient validation, denial of service and incorrect calculation.
    
    Resolution
    ==========
    
    Upgrade to 83.0-1.
    
    # pacman -Syu "firefox>=83.0-1"
    
    The problems have been fixed upstream in version 83.0.
    
    Workaround
    ==========
    
    None.
    
    Description
    ===========
    
    - CVE-2020-15999 (arbitrary code execution)
    
    A heap buffer overflow has been found in freetype2 before 2.10.4.
    Malformed TTF files with PNG sbit glyphs can cause a heap buffer
    overflow in Load_SBit_Png as libpng uses the original 32-bit values,
    which are saved in png_struct. If the original width and/or height are
    greater than 65535, the allocated buffer won't be able to fit the
    bitmap.
    
    - CVE-2020-16012 (information disclosure)
    
    An information disclosure issue has been found in Firefox before 83.0
    and chromium before 87.0.4280.66. When drawing a transparent image on
    top of an unknown cross-origin image, the Skia library drawImage
    function took a variable amount of time depending on the content of the
    underlying image. This resulted in potential cross-origin information
    exposure of image content through timing side-channel attacks.
    
    - CVE-2020-26951 (access restriction bypass)
    
    A parsing and event loading mismatch has been found in Firefox's SVG
    code before 83.0 and could have allowed load events to fire, even after
    sanitization. An attacker already capable of exploiting an XSS
    vulnerability in privileged internal pages could have used this attack
    to bypass the built-in sanitizer.
    
    - CVE-2020-26952 (arbitrary code execution)
    
    A security issue has been found in Firefox before 83.0 where incorrect
    bookkeeping of functions inlined during JIT compilation could have led
    to memory corruption and a potentially exploitable crash when handling
    out-of-memory errors.
    
    - CVE-2020-26953 (content spoofing)
    
    A security issue has been found in Firefox before 83.0 where it was
    possible to cause the browser to enter fullscreen mode without
    displaying the security UI, thus making it possible to attempt a
    phishing attack or otherwise confuse the user.
    
    - CVE-2020-26956 (cross-site scripting)
    
    A security issue has been found in Firefox before 83.0 where, in some
    cases, removing HTML elements during sanitization would keep existing
    SVG event handlers and therefore lead to XSS.
    
    - CVE-2020-26958 (access restriction bypass)
    
    Firefox before 83.0 did not block execution of scripts with incorrect
    MIME types when the response was intercepted and cached through a
    ServiceWorker. This could lead to a cross-site script inclusion
    vulnerability, or a Content Security Policy bypass.
    
    - CVE-2020-26959 (arbitrary code execution)
    
    A security issue has been found in Firefox before 83.0 where, during
    browser shutdown, reference decrementing could have occurred on a
    previously freed object, resulting in a use-after-free, memory
    corruption, and a potentially exploitable crash.
    
    - CVE-2020-26960 (arbitrary code execution)
    
    A security issue has been found in Firefox before 83.0 where, if the
    Compact() method was called on an nsTArray, the array could have been
    reallocated without updating other pointers, leading to a potential
    use-after-free and exploitable crash.
    
    - CVE-2020-26961 (insufficient validation)
    
    A security issue has been found in Firefox before 83.0 where, when DNS
    over HTTPS is in use, it intentionally filters RFC1918 and related IP
    ranges from the responses as these do not make sense coming from a DoH
    resolver. However, when an IPv4 address was mapped through IPv6, these
    addresses were erroneously let through, leading to a potential DNS
    Rebinding attack.
    
    - CVE-2020-26962 (access restriction bypass)
    
    A security issue has been found in Firefox before 83.0, where cross-
    origin iframes that contained a login form could have been recognized
    by the login autofill service, and populated. This could have been used
    in clickjacking attacks, as well as be read across partitions in
    dynamic first party isolation.
    
    - CVE-2020-26963 (denial of service)
    
    A denial of service issue has been found in Firefox before 83.0, where
    repeated calls to the history and location interfaces could have been
    used to hang the browser. This was addressed by introducing rate-
    limiting to these API calls.
    
    - CVE-2020-26965 (information disclosure)
    
    An information disclosure issue has been found in Firefox before 83.0.
    Some websites have a feature "Show Password" where clicking a button
    will change a password field into a textbox field, revealing the typed
    password. If, when using a software keyboard that remembers user input,
    a user typed their password and used that feature, the type of the
    password field was changed, resulting in a keyboard layout change and
    the possibility for the software keyboard to remember the typed
    password.
    
    - CVE-2020-26967 (incorrect calculation)
    
    A security issue has been found in Firefox before 83.0 where, when
    listening for page changes with a Mutation Observer, a malicious web
    page could confuse Firefox Screenshots into interacting with elements
    other than those that it injected into the page. This would lead to
    internal errors and unexpected behavior in the Screenshots code.
    
    - CVE-2020-26968 (arbitrary code execution)
    
    Several memory safety issues have been found in Firefox before 83.0 and
    Firefox ESR before 78.4. Some of these bugs showed evidence of memory
    corruption and Mozilla presumes that with enough effort some of these
    could have been exploited to run arbitrary code.
    
    - CVE-2020-26969 (arbitrary code execution)
    
    Several memory safety issues have been found in Firefox before 83.0.
    Some of these bugs showed evidence of memory corruption and Mozilla
    presumes that with enough effort some of these could have been
    exploited to run arbitrary code.
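
The size mismatch behind CVE-2020-15999, as an added example that is not FreeType or libpng source: one side sizes the buffer from dimensions stored as 16-bit, the other decodes from the 32-bit header values. The function names, the 4-bytes-per-pixel figure and the header values are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical model of the bug class; not FreeType or libpng source. */
#define BYTES_PER_PIXEL 4u

/* Buffer size derived from dimensions after they were stored as 16-bit. */
size_t allocated_bytes(uint32_t hdr_w, uint32_t hdr_h)
{
    uint16_t w = (uint16_t)hdr_w;   /* silent truncation: 65537 -> 1 */
    uint16_t h = (uint16_t)hdr_h;
    return (size_t)w * h * BYTES_PER_PIXEL;
}

/* Bytes the decoder emits: it still works from the 32-bit header values. */
uint64_t decoded_bytes(uint32_t hdr_w, uint32_t hdr_h)
{
    return (uint64_t)hdr_w * hdr_h * BYTES_PER_PIXEL;
}

/* Hardened path: refuse any header whose dimensions do not survive the
 * 16-bit store, so the allocation and the decoder agree by construction. */
uint8_t *alloc_bitmap_checked(uint32_t hdr_w, uint32_t hdr_h, size_t *out_len)
{
    if (hdr_w == 0 || hdr_h == 0 || hdr_w > UINT16_MAX || hdr_h > UINT16_MAX)
        return NULL;
    *out_len = allocated_bytes(hdr_w, hdr_h);
    return calloc(1, *out_len);
}

int main(void)
{
    uint32_t w = 65537, h = 8;      /* constructed header values */
    size_t len = 0;
    uint8_t *buf;

    printf("allocated=%zu decoded=%llu\n", allocated_bytes(w, h),
           (unsigned long long)decoded_bytes(w, h));
    buf = alloc_bitmap_checked(w, h, &len);
    printf("checked alloc: %s\n", buf ? "accepted" : "rejected");
    free(buf);
    return 0;
}
```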
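
The filtering gap described under CVE-2020-26961, as an added example that is not Firefox code: a filter that inspects only IPv4 answers next to one that unwraps IPv4-mapped IPv6 first. The function names, the exact set of "related" ranges (loopback and link-local here) and the sample answer are assumptions.

```c
#include <arpa/inet.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>

/* RFC1918 plus loopback and link-local; this "related" set is an assumption. */
static int ipv4_is_private(const uint8_t a[4])
{
    return a[0] == 10 || a[0] == 127 ||
           (a[0] == 172 && (a[1] & 0xf0) == 16) ||
           (a[0] == 192 && a[1] == 168) ||
           (a[0] == 169 && a[1] == 254);
}

/* ::ffff:a.b.c.d is 80 zero bits, 16 one bits, then the IPv4 address. */
static int is_v4_mapped(const uint8_t a[16])
{
    static const uint8_t prefix[12] = {0,0,0,0,0,0,0,0,0,0,0xff,0xff};
    return memcmp(a, prefix, sizeof prefix) == 0;
}

/* Model of the flaw the advisory describes: only AF_INET text is checked. */
int naive_filter_blocks(const char *text)
{
    uint8_t v4[4];
    return inet_pton(AF_INET, text, v4) == 1 && ipv4_is_private(v4);
}

/* Corrected filter: 1 = drop, 0 = allow, -1 = not an IP address. */
int strict_filter_blocks(const char *text)
{
    uint8_t v4[4], v6[16];
    if (inet_pton(AF_INET, text, v4) == 1)
        return ipv4_is_private(v4);
    if (inet_pton(AF_INET6, text, v6) != 1)
        return -1;
    if (is_v4_mapped(v6))
        return ipv4_is_private(v6 + 12);   /* unwrap, then reuse the IPv4 rules */
    return 0;   /* native IPv6 ranges are outside this sketch */
}

int main(void)
{
    const char *answer = "::ffff:192.168.1.10";   /* constructed DoH answer */
    printf("naive=%d strict=%d\n", naive_filter_blocks(answer),
           strict_filter_blocks(answer));
    return 0;
}
```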
    
    Impact
    ======
    
    A remote attacker might be able to access sensitive information, bypass
    security measures, trick a user into performing unwanted actions, crash
    the browser or execute arbitrary code.
    
    References
    ==========
    
    https://www.mozilla.org/en-US/security/advisories/mfsa2020-50/
    https://git.savannah.nongnu.org/cgit/freetype/freetype2.git/commit/?id=a3bab162b2ae616074c8877a04556932998aeacd
    https://savannah.nongnu.org/bugs/?59308
    https://www.mozilla.org/en-US/security/advisories/mfsa2020-50/#CVE-2020-16012
    https://bugzilla.mozilla.org/show_bug.cgi?id=1642028
    https://www.mozilla.org/en-US/security/advisories/mfsa2020-50/#CVE-2020-26951
    https://bugzilla.mozilla.org/show_bug.cgi?id=1667113
    https://www.mozilla.org/en-US/security/advisories/mfsa2020-50/#CVE-2020-26952
    https://bugzilla.mozilla.org/show_bug.cgi?id=1667685
    https://www.mozilla.org/en-US/security/advisories/mfsa2020-50/#CVE-2020-26953
    https://bugzilla.mozilla.org/show_bug.cgi?id=1656741
    https://www.mozilla.org/en-US/security/advisories/mfsa2020-50/#CVE-2020-26956
    https://www.mozilla.org/en-US/security/advisories/mfsa2020-50/#CVE-2020-26958
    https://bugzilla.mozilla.org/show_bug.cgi?id=1669355
    https://www.mozilla.org/en-US/security/advisories/mfsa2020-50/#CVE-2020-26959
    https://bugzilla.mozilla.org/show_bug.cgi?id=1669466
    https://www.mozilla.org/en-US/security/advisories/mfsa2020-50/#CVE-2020-26960
    https://bugzilla.mozilla.org/show_bug.cgi?id=1670358
    https://www.mozilla.org/en-US/security/advisories/mfsa2020-50/#CVE-2020-26961
    https://bugzilla.mozilla.org/show_bug.cgi?id=1672528
    https://www.mozilla.org/en-US/security/advisories/mfsa2020-50/#CVE-2020-26962
    https://bugzilla.mozilla.org/show_bug.cgi?id=610997
    https://www.mozilla.org/en-US/security/advisories/mfsa2020-50/#CVE-2020-26963
    https://bugzilla.mozilla.org/show_bug.cgi?id=1314912
    https://www.mozilla.org/en-US/security/advisories/mfsa2020-50/#CVE-2020-26965
    https://bugzilla.mozilla.org/show_bug.cgi?id=1661617
    https://www.mozilla.org/en-US/security/advisories/mfsa2020-50/#CVE-2020-26967
    https://bugzilla.mozilla.org/show_bug.cgi?id=1665820
    https://www.mozilla.org/en-US/security/advisories/mfsa2020-50/#CVE-2020-26968
    https://bugzilla.mozilla.org/buglist.cgi?bug_id=1551615%2C1607762%2C1656697%2C1657739%2C1660236%2C1667912%2C1671479%2C1671923
    https://www.mozilla.org/en-US/security/advisories/mfsa2020-50/#CVE-2020-26969
    https://bugzilla.mozilla.org/buglist.cgi?bug_id=1623920%2C1651705%2C1667872%2C1668876
    https://security.archlinux.org/CVE-2020-15999
    https://security.archlinux.org/CVE-2020-16012
    https://security.archlinux.org/CVE-2020-26951
    https://security.archlinux.org/CVE-2020-26952
    https://security.archlinux.org/CVE-2020-26953
    https://security.archlinux.org/CVE-2020-26956
    https://security.archlinux.org/CVE-2020-26958
    https://security.archlinux.org/CVE-2020-26959
    https://security.archlinux.org/CVE-2020-26960
    https://security.archlinux.org/CVE-2020-26961
    https://security.archlinux.org/CVE-2020-26962
    https://security.archlinux.org/CVE-2020-26963
    https://security.archlinux.org/CVE-2020-26965
    https://security.archlinux.org/CVE-2020-26967
    https://security.archlinux.org/CVE-2020-26968
    https://security.archlinux.org/CVE-2020-26969
    
    
