739006 – (MFSA-2020-37) <www-client/firefox{-bin}-68.12.0: Multiple vulnerabilities (MFSA-2020-37)

Bug 739006 (MFSA-2020-37) - <www-client/firefox{-bin}-68.12.0: Multiple vulnerabilities (MFSA-2020-37)

Summary: <www-client/firefox{-bin}-68.12.0: Multiple vulnerabilities (MFSA-2020-37)

Status:	RESOLVED FIXED

Alias:	MFSA-2020-37

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	Normal major (vote)
Assignee:	Gentoo Security

URL:	https://www.mozilla.org/en-US/securit...
Whiteboard:	A2 [glsa+ cve]
Keywords:

Depends on:
Blocks:	CVE-2020-15664, CVE-2020-15669
	Show dependency tree

Reported:	2020-08-25 20:29 UTC by Sam James
Modified:	2020-08-31 11:43 UTC (History)
CC List:	1 user (show)

See Also:
Package list:	www-client/firefox-68.12.0
Runtime testing required:	---

Flags:	nattka: sanity-check+

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Sam James archtester

2020-08-25 20:29:06 UTC

* CVE-2020-15664

Description:
"By holding a reference to the eval() function from an about:blank window, a malicious webpage could have gained access to the InstallTrigger object which would allow them to prompt the user to install an extension. Combined with user confusion, this could result in an unintended or malicious extension being installed."

* CVE-2020-15669

Description:
"When aborting an operation, such as a fetch, an abort signal may be deleted while alerting the objects to be notified. This results in a use-after-free and we presume that with enough effort it could have been exploited to run arbitrary code."

Comment 1 Sam James archtester

2020-08-25 22:46:03 UTC

arm64 done

Comment 2 Sam James archtester

2020-08-25 23:55:00 UTC

amd64 stable

Comment 3 Sam James archtester

2020-08-26 10:04:08 UTC

x86 stable. Please cleanup.

Comment 4 GLSAMaker/CVETool Bot gentoo-dev

2020-08-27 00:56:32 UTC

This issue was resolved and addressed in
 GLSA 202008-16 at https://security.gentoo.org/glsa/202008-16
by GLSA coordinator Sam James (sam_c).

Comment 5 Sam James archtester

2020-08-27 00:56:59 UTC

Reopening for cleanup.

Comment 6 Larry the Git Cow gentoo-dev

2020-08-31 11:42:56 UTC

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f27d782becf2ccc17d24f74343e4760aa0dcc3d5

commit f27d782becf2ccc17d24f74343e4760aa0dcc3d5
Author:     Thomas Deutschmann <whissi@gentoo.org>
AuthorDate: 2020-08-31 11:42:50 +0000
Commit:     Thomas Deutschmann <whissi@gentoo.org>
CommitDate: 2020-08-31 11:42:50 +0000

    www-client/firefox-bin: security cleanup
    
    Bug: https://bugs.gentoo.org/739006
    Package-Manager: Portage-3.0.4, Repoman-3.0.1
    Signed-off-by: Thomas Deutschmann <whissi@gentoo.org>

 www-client/firefox-bin/Manifest                   | 186 --------------
 www-client/firefox-bin/firefox-bin-68.11.0.ebuild | 280 --------------------
 www-client/firefox-bin/firefox-bin-79.0.ebuild    | 296 ----------------------
 3 files changed, 762 deletions(-)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=7416ee63d36e89a12a7c64d5cda63bb11be7ae87

commit 7416ee63d36e89a12a7c64d5cda63bb11be7ae87
Author:     Thomas Deutschmann <whissi@gentoo.org>
AuthorDate: 2020-08-31 11:42:22 +0000
Commit:     Thomas Deutschmann <whissi@gentoo.org>
CommitDate: 2020-08-31 11:42:22 +0000

    www-client/firefox: security cleanup
    
    Bug: https://bugs.gentoo.org/739006
    Package-Manager: Portage-3.0.4, Repoman-3.0.1
    Signed-off-by: Thomas Deutschmann <whissi@gentoo.org>

 www-client/firefox/Manifest               | 185 ------
 www-client/firefox/firefox-68.11.0.ebuild | 934 ------------------------------
 www-client/firefox/firefox-79.0-r2.ebuild | 933 -----------------------------
 3 files changed, 2052 deletions(-)

Comment 7 Thomas Deutschmann (RETIRED) gentoo-dev

2020-08-31 11:43:23 UTC

Repository is clean, all done!