Summary: | <www-client/firefox{,-bin}-68.5.0: multiple vulnerabilities (MFSA-2020-06) (CVE-2020-{6796,6797,6798,6799,6800}) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | alexander, mozilla, ovi, proxy-maint, tripolar, wgh, whissi |
Priority: | Normal | Flags: | stable-bot: sanity-check+ |
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://www.mozilla.org/en-US/security/advisories/mfsa2020-06/ | ||
Whiteboard: | A2 [glsa+ cve] | ||
Package list: | www-client/firefox-68.5.0 |
Runtime testing required: | --- |
Bug Depends on: | 712182 | ||
Bug Blocks: | 705000 |
Description
Agostino Sarubbo
2020-02-12 08:20:17 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=59ff527d60081833a92c99998ff1c7751e210b00

commit 59ff527d60081833a92c99998ff1c7751e210b00
Author: Thomas Deutschmann <whissi@gentoo.org>
AuthorDate: 2020-02-13 13:57:35 +0000
Commit: Thomas Deutschmann <whissi@gentoo.org>
CommitDate: 2020-02-13 14:49:48 +0000

www-client/firefox-bin: bump to v68.5.0

Bug: https://bugs.gentoo.org/709346
Package-Manager: Portage-2.3.88, Repoman-2.3.20
Signed-off-by: Thomas Deutschmann <whissi@gentoo.org>

www-client/firefox-bin/Manifest | 93 ++++++++++++
www-client/firefox-bin/firefox-bin-68.5.0.ebuild | 174 +++++++++++++++++++++++
2 files changed, 267 insertions(+)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=755f7e9a089617d2ed742aab3b4f002cf416204b

commit 755f7e9a089617d2ed742aab3b4f002cf416204b
Author: Thomas Deutschmann <whissi@gentoo.org>
AuthorDate: 2020-02-13 13:50:11 +0000
Commit: Thomas Deutschmann <whissi@gentoo.org>
CommitDate: 2020-02-13 14:49:47 +0000

www-client/firefox: bump to v68.5.0

Bug: https://bugs.gentoo.org/709346
Package-Manager: Portage-2.3.88, Repoman-2.3.20
Signed-off-by: Thomas Deutschmann <whissi@gentoo.org>

www-client/firefox/Manifest | 92 ++++
www-client/firefox/firefox-68.5.0.ebuild | 773 +++++++++++++++++++++++++++++++
2 files changed, 865 insertions(+)

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=27a6f66174254e9a9eeafe610168742d971d8c01

commit 27a6f66174254e9a9eeafe610168742d971d8c01
Author: Thomas Deutschmann <whissi@gentoo.org>
AuthorDate: 2020-02-24 23:04:27 +0000
Commit: Thomas Deutschmann <whissi@gentoo.org>
CommitDate: 2020-02-24 23:04:27 +0000

www-client/firefox: amd64 & x86 stable (bug #709346)

Bug: https://bugs.gentoo.org/709346
Package-Manager: Portage-2.3.89, Repoman-2.3.20
Signed-off-by: Thomas Deutschmann <whissi@gentoo.org>

www-client/firefox/firefox-68.5.0.ebuild | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

*** Bug 711290 has been marked as a duplicate of this bug. ***

CVE-2020-6800 (https://nvd.nist.gov/vuln/detail/CVE-2020-6800):
Mozilla developers and community members reported memory safety bugs present in Firefox 72 and Firefox ESR 68.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. In general, these flaws cannot be exploited through email in the Thunderbird product because scripting is disabled when reading mail, but are potentially risks in browser or browser-like contexts. This vulnerability affects Thunderbird < 68.5, Firefox < 73, and Firefox < ESR68.5.

CVE-2020-6799 (https://nvd.nist.gov/vuln/detail/CVE-2020-6799):
Command line arguments could have been injected during Firefox invocation as a shell handler for certain unsupported file types. This required Firefox to be configured as the default handler for a given file type and for a file downloaded to be opened in a third party application that insufficiently sanitized URL data. In that situation, clicking a link in the third party application could have been used to retrieve and execute files whose location was supplied through command line arguments. Note: This issue only affects Windows operating systems and when Firefox is configured as the default handler for non-default filetypes. Other operating systems are unaffected. This vulnerability affects Firefox < 73 and Firefox < ESR68.5.

CVE-2020-6798 (https://nvd.nist.gov/vuln/detail/CVE-2020-6798):
If a template tag was used in a select tag, the parser could be confused and allow JavaScript parsing and execution when it should not be allowed. A site that relied on the browser behaving correctly could suffer a cross-site scripting vulnerability as a result. In general, this flaw cannot be exploited through email in the Thunderbird product because scripting is disabled when reading mail, but is potentially a risk in browser or browser-like contexts. This vulnerability affects Thunderbird < 68.5, Firefox < 73, and Firefox < ESR68.5.

CVE-2020-6797 (https://nvd.nist.gov/vuln/detail/CVE-2020-6797):
By downloading a file with the .fileloc extension, a semi-privileged extension could launch an arbitrary application on the user's computer. The attacker is restricted as they are unable to download non-quarantined files or supply command line arguments to the application, limiting the impact. Note: this issue only occurs on Mac OSX. Other operating systems are unaffected. This vulnerability affects Thunderbird < 68.5, Firefox < 73, and Firefox < ESR68.5.

CVE-2020-6796 (https://nvd.nist.gov/vuln/detail/CVE-2020-6796):
A content process could have modified shared memory relating to crash reporting information, crash itself, and cause an out-of-bound write. This could have caused memory corruption and a potentially exploitable crash. This vulnerability affects Firefox < 73 and Firefox < ESR68.5.

arm64 please stabilize version so we can close bug.

New GLSA Request filed.

All USE=clang builds fail on arm64 for elf hacks option stuff; afaiu, Whissi is planning to fix this per our private talks, then can re-test and stable if good. All USE=eme-free fail as well, but willing to let that slide (there's an open bug on that).

Superseded by bug 712182.

This issue was resolved and addressed in GLSA 202003-02 at https://security.gentoo.org/glsa/202003-02 by GLSA coordinator Thomas Deutschmann (whissi).