Alerts This Week
Warning Icon 1 764
Alerts This Week
Warning Icon 1 764

Mageia: 2020-0318 Moderate: Firefox ASLR Bypass and Memory Flaws

mageia
Calendar Grey August 18, 2020
Dist Mageia Esm H88
Revamped Firefox bundles address significant vulnerabilities impacting Mageia clientele. Key patches and problem specifics outlined.
WebRTC used the memory address of a class instance as a connection identifier

Summary

WebRTC used the memory address of a class instance as a connection identifier. Unfortunately, this value is often transmitted to the peer, which allows bypassing ASLR (CVE-2020-6514).
Crafted media files could lead to a race in texture caches, resulting in a use-after-free in ANGLE gl::Texture::onUnbindAsSamplerTexture, memory corruption, and a potentially exploitable crash (CVE-2020-6463).
By observing the stack trace for JavaScript errors in web workers, it was possible to leak the result of a cross-origin redirect. This applied only to content that can be parsed as script (CVE-2020-15652).
Mozilla developers Jason Kratzer and Luke Wagner reported memory safety bugs present in Firefox 78 and Firefox ESR 68.10. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code (CVE-2020-15659).
Using the EM side-channel, it is possible to extract the position of zero and non-zero wNAF digits w...

Read the Full Advisory

References

- https://bugs.mageia.org/show_bug.cgi?id=27011

- https://groups.google.com/forum/#!topic/mozilla.dev.tech.nspr/3626XG8mLJw

- https://bugzilla.redhat.com/show_bug.cgi?id=1826187

- https://bugzilla.redhat.com/show_bug.cgi?id=1853983

- https://bugzilla.redhat.com/show_bug.cgi?id=1851294

- https://www.mozilla.org/en-US/security/advisories/mfsa2020-31/

-

- https://www.cve.org/CVERecord?id=CVE-2020-6463

- https://www.cve.org/CVERecord?id=CVE-2020-6514

- https://www.cve.org/CVERecord?id=CVE-2020-6829

- https://www.cve.org/CVERecord?id=CVE-2020-12400

- https://www.cve.org/CVERecord?id=CVE-2020-12401

- https://www.cve.org/CVERecord?id=CVE-2020-12403

- https://www.cve.org/CVERecord?id=CVE-2020-15652

- https://www.cve.org/CVERecord?id=CVE-2020-15659

Topics%20covered

Topics Covered

security advisory memory corruption firefox data confidentiality ASLR bypass Mageia webRTC

Resolution

SRPMS

- 7/core/firefox-68.11.0-1.mga7

- 7/core/firefox-l10n-68.11.0-1.mga7

- 7/core/nspr-4.27-1.mga7

- 7/core/nss-3.52.1-1.2.mga7

Publication date: 18 Aug 2020
URL: https://advisories.mageia.org/MGASA-2020-0318.html
Type: security
CVE: CVE-2020-6463, CVE-2020-6514, CVE-2020-6829, CVE-2020-12400, CVE-2020-12401, CVE-2020-12403, CVE-2020-15652, CVE-2020-15659

Topics%20covered

Topics Covered

security advisory memory corruption firefox data confidentiality ASLR bypass Mageia webRTC

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here