Linux Security
    Linux Security
    Linux Security

    ArchLinux: 202012-25: firefox: multiple issues

    Date 31 Dec 2020
    467
    Posted By LinuxSecurity Advisories
    The package firefox before version 84.0-1 is vulnerable to multiple issues including arbitrary code execution, content spoofing and information disclosure.
    Arch Linux Security Advisory ASA-202012-25
    ==========================================
    
    Severity: High
    Date    : 2020-12-16
    CVE-ID  : CVE-2020-16042 CVE-2020-26971 CVE-2020-26972 CVE-2020-26973
              CVE-2020-26974 CVE-2020-26976 CVE-2020-26978 CVE-2020-26979
              CVE-2020-35111 CVE-2020-35113 CVE-2020-35114
    Package : firefox
    Type    : multiple issues
    Remote  : Yes
    Link    : https://security.archlinux.org/AVG-1362
    
    Summary
    =======
    
    The package firefox before version 84.0-1 is vulnerable to multiple
    issues including arbitrary code execution, content spoofing and
    information disclosure.
    
    Resolution
    ==========
    
    Upgrade to 84.0-1.
    
    # pacman -Syu "firefox>=84.0-1"
    
    The problems have been fixed upstream in version 84.0.
    
    Workaround
    ==========
    
    None.
    
    Description
    ===========
    
    - CVE-2020-16042 (information disclosure)
    
    An uninitialized use security issue has been found in the V8 component
    of the chromium browser before version 87.0.4280.88 and Firefox before
    84.0.
    
    - CVE-2020-26971 (arbitrary code execution)
    
    A security issue was found in Firefox before 84.0 and Thunderbird
    before 78.6 where certain blit values provided by the user were not
    properly constrained, leading to a heap buffer overflow on some video
    drivers.
    
    - CVE-2020-26972 (arbitrary code execution)
    
    A security issue was found in Firefox before 84.0. The lifecycle of IPC
    Actors allows managed actors to outlive their manager actors; and the
    former must ensure that they are not attempting to use a dead actor
    they have a reference to. Such a check was omitted in WebGL, resulting
    in a use-after-free and a potentially exploitable crash.
    
    - CVE-2020-26973 (content spoofing)
    
    A security issue was found in Firefox before 84.0 and Thunderbird
    before 78.6 where certain input to the CSS Sanitizer confused it,
    resulting in incorrect components being removed. This could have been
    used as a sanitizer bypass.
    
    - CVE-2020-26974 (arbitrary code execution)
    
    A security issue was found in Firefox before 84.0 and Thunderbird
    before 78.6. When flex-basis was used on a table wrapper, a
    StyleGenericFlexBasis object could have been incorrectly cast to the
    wrong type. This resulted in a heap user-after-free, memory corruption,
    and a potentially exploitable crash.
    
    - CVE-2020-26976 (information disclosure)
    
    A security issue was found in Firefox before 84.0. When an HTTPS page
    was embedded in an HTTP page, and there was a service worker registered
    for the former, the service worker could have intercepted the request
    for the secure page despite the iframe not being a secure context due
    to the (insecure) framing.
    
    - CVE-2020-26978 (information disclosure)
    
    A security issue was discovered in Firefox before 84.0 and Thunderbird
    before 78.6. Using techniques that built on the slipstream research, a
    malicious webpage could have exposed both an internal network's hosts
    as well as services running on the user's local machine.
    
    - CVE-2020-26979 (content spoofing)
    
    A security issue was discovered in Firefox before 84.0. When a user
    typed a URL in the address bar or the search bar and quickly hit the
    enter key, a website could sometimes capture that event and then
    redirect the user before navigation occurred to the desired, entered
    address. To construct a convincing spoof the attacker would have had to
    guess what the user was typing, perhaps by suggesting it.
    
    - CVE-2020-35111 (information disclosure)
    
    A security issue was discovered in Firefox before 84.0 and Thunderbird
    before 78.6. When an extension with the proxy permission registered to
    receive , the proxy.onRequest callback was not triggered for
    view-source URLs. While web content cannot navigate to such URLs, a
    user opening View Source could have inadvertently leaked their IP
    address.
    
    - CVE-2020-35113 (arbitrary code execution)
    
    Mozilla developer Christian Holler reported memory safety bugs present
    in Firefox 83, Firefox ESR 78.5 and Thunderbird 78.5. Some of these
    bugs showed evidence of memory corruption and Mozilla presumes that
    with enough effort some of these could have been exploited to run
    arbitrary code.
    
    - CVE-2020-35114 (arbitrary code execution)
    
    Mozilla developers Christian Holler, Jan-Ivar Bruaroey, and Gabriele
    Svelto reported memory safety bugs present in Firefox 83. Some of these
    bugs showed evidence of memory corruption and Mozilla presumes that
    with enough effort some of these could have been exploited to run
    arbitrary code.
    
    Impact
    ======
    
    A remote attacker might be able to spoof content, access sensitive
    information or execute arbitrary code.
    
    References
    ==========
    
    https://www.mozilla.org/en-US/security/advisories/mfsa2020-54/
    https://chromereleases.googleblog.com/2020/12/stable-channel-update-for-desktop.html
    https://crbug.com/1151890
    https://www.mozilla.org/en-US/security/advisories/mfsa2020-54/#CVE-2020-16042
    https://bugzilla.mozilla.org/show_bug.cgi?id=1679003
    https://www.mozilla.org/en-US/security/advisories/mfsa2020-54/#CVE-2020-26971
    https://www.mozilla.org/en-US/security/advisories/mfsa2020-56/#CVE-2020-26971
    https://bugzilla.mozilla.org/show_bug.cgi?id=1663466
    https://www.mozilla.org/en-US/security/advisories/mfsa2020-54/#CVE-2020-26972
    https://bugzilla.mozilla.org/show_bug.cgi?id=1671382
    https://www.mozilla.org/en-US/security/advisories/mfsa2020-54/#CVE-2020-26973
    https://www.mozilla.org/en-US/security/advisories/mfsa2020-56/#CVE-2020-26973
    https://bugzilla.mozilla.org/show_bug.cgi?id=1680084
    https://www.mozilla.org/en-US/security/advisories/mfsa2020-54/#CVE-2020-26974
    https://www.mozilla.org/en-US/security/advisories/mfsa2020-56/#CVE-2020-26974
    https://bugzilla.mozilla.org/show_bug.cgi?id=1681022
    https://www.mozilla.org/en-US/security/advisories/mfsa2020-54/#CVE-2020-26976
    https://bugzilla.mozilla.org/show_bug.cgi?id=1674343
    https://www.mozilla.org/en-US/security/advisories/mfsa2020-54/#CVE-2020-26978
    https://www.mozilla.org/en-US/security/advisories/mfsa2020-56/#CVE-2020-26978
    https://bugzilla.mozilla.org/show_bug.cgi?id=1677047
    https://www.mozilla.org/en-US/security/advisories/mfsa2020-54/#CVE-2020-26979
    https://bugzilla.mozilla.org/buglist.cgi?bug_id=1641287%2C1673299
    https://www.mozilla.org/en-US/security/advisories/mfsa2020-54/#CVE-2020-35111
    https://www.mozilla.org/en-US/security/advisories/mfsa2020-56/#CVE-2020-35111
    https://bugzilla.mozilla.org/show_bug.cgi?id=1657916
    https://www.mozilla.org/en-US/security/advisories/mfsa2020-54/#CVE-2020-35113
    https://www.mozilla.org/en-US/security/advisories/mfsa2020-56/#CVE-2020-35113
    https://bugzilla.mozilla.org/buglist.cgi?bug_id=1664831%2C1673589
    https://www.mozilla.org/en-US/security/advisories/mfsa2020-54/#CVE-2020-35114
    https://bugzilla.mozilla.org/buglist.cgi?bug_id=1607449%2C1640416%2C1656459%2C1669914%2C1673567
    https://security.archlinux.org/CVE-2020-16042
    https://security.archlinux.org/CVE-2020-26971
    https://security.archlinux.org/CVE-2020-26972
    https://security.archlinux.org/CVE-2020-26973
    https://security.archlinux.org/CVE-2020-26974
    https://security.archlinux.org/CVE-2020-26976
    https://security.archlinux.org/CVE-2020-26978
    https://security.archlinux.org/CVE-2020-26979
    https://security.archlinux.org/CVE-2020-35111
    https://security.archlinux.org/CVE-2020-35113
    https://security.archlinux.org/CVE-2020-35114
    

    LinuxSecurity Poll

    'Tis the season of giving! How have you given back to the open-source community?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    /main-polls/49-tis-the-season-of-giving-how-have-you-given-back-to-the-open-source-community?task=poll.vote&format=json
    49
    radio
    [{"id":"171","title":"I've contributed to the development of an open-source project.","votes":"22","type":"x","order":"1","pct":34.92,"resources":[]},{"id":"172","title":"I've reviewed open-source code for security bugs.","votes":"13","type":"x","order":"2","pct":20.63,"resources":[]},{"id":"173","title":"I've made a donation to an open-source project.","votes":"28","type":"x","order":"3","pct":44.44,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350

    Please vote first in order to view vote results.


    VIEW MORE POLLS

    bottom 200

    Please enable / Bitte aktiviere JavaScript!
    Veuillez activer / Por favor activa el Javascript![ ? ]

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.