Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 726844 (CVE-2020-12407, CVE-2020-12408, CVE-2020-12409, CVE-2020-12411) - <www-client/firefox-bin{68.9.0,77.0}, <www-client/firefox{68.9.0,77.0.1}: Multiple vulnerabilities (MFSA-2020-21)
Summary: <www-client/firefox-bin{68.9.0,77.0}, <www-client/firefox{68.9.0,77.0.1}: Mul...
Status: RESOLVED FIXED
Alias: CVE-2020-12407, CVE-2020-12408, CVE-2020-12409, CVE-2020-12411
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal major (vote)
Assignee: Gentoo Security
URL: https://www.mozilla.org/en-US/securit...
Whiteboard: A2 [glsa+ cve]
Keywords: CC-ARCHES
Depends on:
Blocks: CVE-2020-12405, CVE-2020-12406, CVE-2020-12410
  Show dependency tree
 
Reported: 2020-06-02 23:36 UTC by Sam James
Modified: 2020-07-01 18:13 UTC (History)
2 users (show)

See Also:
Package list:
www-client/firefox-68.9.0
Runtime testing required: ---
nattka: sanity-check+

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Sam James archtester Gentoo Infrastructure gentoo-dev Security 2020-06-02 23:36:40 UTC 
* CVE-2020-12405 (ESR too)

Description:
"When browsing a malicious page, a race condition in our SharedWorkerService could occur and lead to a potentially exploitable crash."

* CVE-2020-12406 (ESR too)

Description:
"Mozilla Developer Iain Ireland discovered a missing type check during unboxed objects removal, resulting in a crash. We presume that with enough effort that it could be exploited to run arbitrary code."

* CVE-2020-12407

Description:
"Mozilla Developer Nicolas Silva found that when using WebRender, Firefox would under certain conditions leak arbitrary GPU memory to the visible screen. The leaked memory content was visible to the user, but not observable from web content."

* CVE-2020-12408

Description:
"When browsing a document hosted on an IP address, an attacker could insert certain characters to flip domain and path information in the address bar."


* CVE-2020-12409

Description:
"When using certain blank characters in a URL, they where incorrectly rendered as spaces instead of an encoded URL."


* CVE-2020-12410 (ESR too)

Description:
"Mozilla developers Tom Tung and Karl Tomlinson reported memory safety bugs present in Firefox 76 and Firefox ESR 68.8. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code."

* CVE-2020-12411

Description:
"Mozilla developers :Gijs (he/him), Randell Jesup reported memory safety bugs present in Firefox 76. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code."
Comment 1 Larry the Git Cow gentoo-dev 2020-06-04 07:47:25 UTC 
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c87110015e9ae506182e659017a988f98f33d2a4

commit c87110015e9ae506182e659017a988f98f33d2a4
Author:     Thomas Deutschmann <whissi@gentoo.org>
AuthorDate: 2020-06-04 07:47:15 +0000
Commit:     Thomas Deutschmann <whissi@gentoo.org>
CommitDate: 2020-06-04 07:47:15 +0000

    www-client/firefox: amd64 & x86 stable
    
    Bug: https://bugs.gentoo.org/726844
    Package-Manager: Portage-2.3.100, Repoman-2.3.22
    Signed-off-by: Thomas Deutschmann <whissi@gentoo.org>

 www-client/firefox/firefox-68.9.0.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
Comment 2 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2020-06-05 13:36:13 UTC 
arm64 stable
----

@maintainer(s), please cleanup
Comment 3 GLSAMaker/CVETool Bot gentoo-dev 2020-06-13 01:16:31 UTC 
This issue was resolved and addressed in
 GLSA 202006-07 at https://security.gentoo.org/glsa/202006-07
by GLSA coordinator Aaron Bauman (b-man).
Comment 4 Aaron Bauman (RETIRED) gentoo-dev 2020-06-13 01:16:59 UTC 
re-opened for cleanup
Comment 5 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2020-06-29 00:15:38 UTC 
ping
Comment 6 Larry the Git Cow gentoo-dev 2020-06-30 20:29:36 UTC 
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=4f42682804e5f29da65addd50349c34d2cde0059

commit 4f42682804e5f29da65addd50349c34d2cde0059
Author:     Thomas Deutschmann <whissi@gentoo.org>
AuthorDate: 2020-06-30 20:27:56 +0000
Commit:     Thomas Deutschmann <whissi@gentoo.org>
CommitDate: 2020-06-30 20:29:16 +0000

    www-client/firefox: security cleanup
    
    Bug: https://bugs.gentoo.org/726844
    Package-Manager: Portage-2.3.103, Repoman-2.3.23
    Signed-off-by: Thomas Deutschmann <whissi@gentoo.org>

 www-client/firefox/Manifest               | 277 ---------
 www-client/firefox/firefox-68.8.0.ebuild  | 920 -----------------------------
 www-client/firefox/firefox-76.0-r1.ebuild | 934 ------------------------------
 www-client/firefox/firefox-76.0.1.ebuild  | 934 ------------------------------
 4 files changed, 3065 deletions(-)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b3852acd8e7f5aa182c6d65bddae0019dd511116

commit b3852acd8e7f5aa182c6d65bddae0019dd511116
Author:     Thomas Deutschmann <whissi@gentoo.org>
AuthorDate: 2020-06-30 20:26:53 +0000
Commit:     Thomas Deutschmann <whissi@gentoo.org>
CommitDate: 2020-06-30 20:29:15 +0000

    www-client/firefox-bin: security cleanup
    
    Bug: https://bugs.gentoo.org/726844
    Package-Manager: Portage-2.3.103, Repoman-2.3.23
    Signed-off-by: Thomas Deutschmann <whissi@gentoo.org>

 www-client/firefox-bin/Manifest                  | 372 -----------------------
 www-client/firefox-bin/firefox-bin-68.8.0.ebuild | 280 -----------------
 www-client/firefox-bin/firefox-bin-68.9.0.ebuild | 280 -----------------
 www-client/firefox-bin/firefox-bin-76.0.1.ebuild | 296 ------------------
 www-client/firefox-bin/firefox-bin-76.0.ebuild   | 296 ------------------
 5 files changed, 1524 deletions(-)