Mageia: 2020-0163 Moderate: Firefox Security Risks and Fixes
mageia
April 8, 2020
Updated firefox packages fix security vulnerabilities: When reading from areas partially or fully outside the source resource with WebGL's copyTexSubImage method, the specificatio...
Summary
Updated firefox packages fix security vulnerabilities:
When reading from areas partially or fully outside the source resource
with WebGL's copyTexSubImage method, the specification requires the
returned values be zero. Previously, this memory was uninitialized,
leading to potentially sensitive data disclosure (CVE-2020-6821).
On 32-bit builds, an out of bounds write could have occurred when
processing an image larger than 4 GB in GMPDecodeData. It is possible
that with enough effort this could have been exploited to run arbitrary
code (CVE-2020-6822).
Mozilla developers Tyson Smith and Christian Holler reported memory safety
bugs present in Firefox 74 and Firefox ESR 68.6. Some of these bugs showed
evidence of memory corruption and we presume that with enough effort some
of these could have been exploited to run arbitrary code (CVE-2020-6825).
References
- https://bugs.mageia.org/show_bug.cgi?id=26442
- https://www.mozilla.org/en-US/security/advisories/mfsa2020-13/
- https://www.cve.org/CVERecord?id=CVE-2019-XXXX
Topics Covered
Resolution
SRPMS
- 7/core/firefox-68.7.0-1.mga7
- 7/core/firefox-l10n-68.7.0-1.mga7
PREVIOUS
NEXT
Severity
important
Lowest
Low
Medium
High
Critical
Publication date: 08 Apr 2020
URL: https://advisories.mageia.org/MGASA-2020-0163.html
Type: security
CVE: CVE-2019-XXXX
Topics Covered
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!