MGASA-2020-0421 - Updated firefox and thunderbird packages fix a security vulnerability

Publication date: 13 Nov 2020
URL: https://advisories.mageia.org/MGASA-2020-0421.html
Type: security
Affected Mageia releases: 7
CVE: CVE-2020-26950

Write side effects in MCallGetProperty opcode not accounted for.
In certain circumstances, the MCallGetProperty opcode can be emitted with
unmet assumptions resulting in an exploitable use-after-free condition.
(CVE-2020-26950)

Also some bugfix for Thunderbird have been added. See upstream release notes.

References:
- https://bugs.mageia.org/show_bug.cgi?id=27589
- https://www.mozilla.org/en-US/security/advisories/mfsa2020-49/
- https://www.mozilla.org/en-US/firefox/78.4.1/releasenotes/
- https://www.thunderbird.net/en-US/thunderbird/78.4.1/releasenotes/
- https://www.thunderbird.net/en-US/thunderbird/78.4.2/releasenotes/
- https://access.redhat.com/errata/RHSA-2020:5100
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26950

SRPMS:
- 7/core/firefox-78.4.1-1.mga7
- 7/core/firefox-l10n-78.4.1-1.mga7
- 7/core/thunderbird-78.4.2-1.mga7
- 7/core/thunderbird-l10n-78.4.2-1.mga7