
Mageia 7 Firefox Security Advisory 2020-0141: High Risk Updates

March 14, 2020
Recent updates to Firefox in Mageia address various security vulnerabilities, notably those related to command injection and potential memory safety hazards.

Summary

Updated firefox packages fix security vulnerabilities:
The inputs to sctp_load_addresses_from_init are verified by sctp_arethere_unrecognized_parameters; however, the two functions handled parameter bounds differently, resulting in out of bounds reads when parameters are partially outside a chunk (CVE-2019-20503).
When removing data about an origin whose tab was recently closed, a use-after-free could occur in the Quota manager, resulting in a potentially exploitable crash (CVE-2020-6805).
By carefully crafting promise resolutions, it was possible to cause an out-of-bounds read off the end of an array resized during script execution. This could have led to memory corruption and a potentially exploitable crash (CVE-2020-6806).
When a device was changed while a stream was about to be destroyed, the stream-reinit task may have been executed after the stream was destroyed, causing a use-after-free and a potentially exploitable crash (CVE-2020-6807).
The 'Copy as cURL' feature of Devtool...
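
The CVE-2019-20503 entry above describes a validating function and a consuming function that applied different bounds rules to the same parameters. The following C code is an added example, not code from the affected SCTP implementation or from Firefox: it shows the defensive pattern of one TLV walker shared by both passes, which rejects any parameter that is only partially inside the chunk. The names `walk_params`, `total_value_bytes` and `sample_chunk` and the sample bytes are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>

/* SCTP parameters are TLVs (RFC 4960, 3.2.1): 16-bit type, 16-bit length in
 * network byte order. The length counts the 4-byte header but not padding. */
#define PARAM_HDR_LEN 4u
typedef void (*param_cb)(uint16_t type, const uint8_t *val, size_t val_len, void *ctx);

/* The one walker used by both the validating and the consuming pass, so the
 * two can never disagree on bounds. Returns the parameter count, or -1 if a
 * parameter is malformed or lies only partially inside the chunk. */
int walk_params(const uint8_t *chunk, size_t chunk_len, param_cb cb, void *ctx)
{
    size_t off = 0;
    int count = 0;
    while (off < chunk_len) {
        size_t left = chunk_len - off;
        if (left < PARAM_HDR_LEN)
            return -1;                      /* header crosses the chunk end */
        uint16_t type = (uint16_t)((chunk[off] << 8) | chunk[off + 1]);
        size_t plen = ((size_t)chunk[off + 2] << 8) | chunk[off + 3];
        if (plen < PARAM_HDR_LEN || plen > left)
            return -1;                      /* value crosses the chunk end */
        if (cb)
            cb(type, chunk + off + PARAM_HDR_LEN, plen - PARAM_HDR_LEN, ctx);
        count++;
        size_t padded = (plen + 3u) & ~(size_t)3u;
        if (padded > left)
            break;                          /* last parameter may omit padding */
        off += padded;
    }
    return count;
}

static void add_len(uint16_t type, const uint8_t *val, size_t val_len, void *ctx)
{ (void)type; (void)val; *(size_t *)ctx += val_len; }

/* Validate first (no callback), then consume with the same walker. */
long total_value_bytes(const uint8_t *chunk, size_t chunk_len)
{
    size_t total = 0;
    if (walk_params(chunk, chunk_len, NULL, NULL) < 0)
        return -1;
    walk_params(chunk, chunk_len, add_len, &total);
    return (long)total;
}
/* Constructed sample: type 5 (length 8) then type 11 (length 6), 14 bytes. */
const uint8_t sample_chunk[14] = {0,5,0,8, 192,0,2,1, 0,11,0,6, 'h','i'};
int main(void) { return total_value_bytes(sample_chunk, sizeof sample_chunk) == 6 ? 0 : 1; }
```

Passing a shortened `chunk_len` for the same bytes models a parameter that extends past the chunk: the walker returns -1 before any value byte is read.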


References

- https://bugs.mageia.org/show_bug.cgi?id=26325

- https://www.mozilla.org/en-US/security/advisories/mfsa2020-09/

- https://www.cve.org/CVERecord?id=CVE-2019-20503

- https://www.cve.org/CVERecord?id=CVE-2020-6805

- https://www.cve.org/CVERecord?id=CVE-2020-6806

- https://www.cve.org/CVERecord?id=CVE-2020-6807

- https://www.cve.org/CVERecord?id=CVE-2020-6811

- https://www.cve.org/CVERecord?id=CVE-2020-6812

- https://www.cve.org/CVERecord?id=CVE-2020-6814

Resolution

SRPMS

- 7/core/firefox-68.6.0-1.mga7

- 7/core/firefox-l10n-68.6.0-1.mga7

- 7/core/nss-3.51.0-1.mga7

Severity
important

Publication date: 14 Mar 2020
URL: https://advisories.mageia.org/MGASA-2020-0141.html
Type: security
CVE: CVE-2019-20503, CVE-2020-6805, CVE-2020-6806, CVE-2020-6807, CVE-2020-6811, CVE-2020-6812, CVE-2020-6814
