Mageia: 2020-0421 Critical: Firefox And Thunderbird Use-After-Free
mageia
November 13, 2020
Write side effects in MCallGetProperty opcode not accounted for
Summary
Write side effects in MCallGetProperty opcode not accounted for.
In certain circumstances, the MCallGetProperty opcode can be emitted with
unmet assumptions resulting in an exploitable use-after-free condition.
(CVE-2020-26950)
Also some bugfix for Thunderbird have been added. See upstream release notes.
References
- https://bugs.mageia.org/show_bug.cgi?id=27589
- https://www.mozilla.org/en-US/security/advisories/mfsa2020-49/
- https://www.firefox.com/en-US/firefox/78.4.1/releasenotes/?redirect_source=mozilla-org
- https://www.thunderbird.net/en-US/thunderbird/78.4.1/releasenotes/
- https://www.thunderbird.net/en-US/thunderbird/78.4.2/releasenotes/
- https://access.redhat.com/errata/RHSA-2020:5100
- https://www.cve.org/CVERecord?id=CVE-2020-26950
Topics Covered
Resolution
SRPMS
- 7/core/firefox-78.4.1-1.mga7
- 7/core/firefox-l10n-78.4.1-1.mga7
- 7/core/thunderbird-78.4.2-1.mga7
- 7/core/thunderbird-l10n-78.4.2-1.mga7
PREVIOUS 
NEXT Severity
critical
Lowest
Low
Medium
High
Critical
Publication date: 13 Nov 2020
URL: https://advisories.mageia.org/MGASA-2020-0421.html
Type: security
CVE: CVE-2020-26950
Topics Covered
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!