
Bug 709346 (CVE-2020-6796, CVE-2020-6797, CVE-2020-6799, MFSA-2020-06)

Summary: <www-client/firefox{,-bin}-68.5.0: multiple vulnerabilities (MFSA-2020-06) (CVE-2020-{6796,6797,6798,6799,6800})
Product: Gentoo Security
Reporter: Agostino Sarubbo <ago>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Status: RESOLVED FIXED
Severity: normal
CC: alexander, mozilla, ovi, proxy-maint, tripolar, wgh, whissi
Priority: Normal
Flags: stable-bot: sanity-check+
Version: unspecified
Hardware: All
OS: Linux
URL: https://www.mozilla.org/en-US/security/advisories/mfsa2020-06/
Whiteboard: A2 [glsa+ cve]
Package list:
www-client/firefox-68.5.0
Runtime testing required: ---
Bug Depends on: 712182    
Bug Blocks: 705000    

Comment 1 Larry the Git Cow gentoo-dev 2020-02-13 14:52:37 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=59ff527d60081833a92c99998ff1c7751e210b00

commit 59ff527d60081833a92c99998ff1c7751e210b00
Author:     Thomas Deutschmann <whissi@gentoo.org>
AuthorDate: 2020-02-13 13:57:35 +0000
Commit:     Thomas Deutschmann <whissi@gentoo.org>
CommitDate: 2020-02-13 14:49:48 +0000

    www-client/firefox-bin: bump to v68.5.0
    
    Bug: https://bugs.gentoo.org/709346
    Package-Manager: Portage-2.3.88, Repoman-2.3.20
    Signed-off-by: Thomas Deutschmann <whissi@gentoo.org>

 www-client/firefox-bin/Manifest                  |  93 ++++++++++++
 www-client/firefox-bin/firefox-bin-68.5.0.ebuild | 174 +++++++++++++++++++++++
 2 files changed, 267 insertions(+)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=755f7e9a089617d2ed742aab3b4f002cf416204b

commit 755f7e9a089617d2ed742aab3b4f002cf416204b
Author:     Thomas Deutschmann <whissi@gentoo.org>
AuthorDate: 2020-02-13 13:50:11 +0000
Commit:     Thomas Deutschmann <whissi@gentoo.org>
CommitDate: 2020-02-13 14:49:47 +0000

    www-client/firefox: bump to v68.5.0
    
    Bug: https://bugs.gentoo.org/709346
    Package-Manager: Portage-2.3.88, Repoman-2.3.20
    Signed-off-by: Thomas Deutschmann <whissi@gentoo.org>

 www-client/firefox/Manifest              |  92 ++++
 www-client/firefox/firefox-68.5.0.ebuild | 773 +++++++++++++++++++++++++++++++
 2 files changed, 865 insertions(+)

Comment 2 Larry the Git Cow gentoo-dev 2020-02-24 23:04:44 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=27a6f66174254e9a9eeafe610168742d971d8c01

commit 27a6f66174254e9a9eeafe610168742d971d8c01
Author:     Thomas Deutschmann <whissi@gentoo.org>
AuthorDate: 2020-02-24 23:04:27 +0000
Commit:     Thomas Deutschmann <whissi@gentoo.org>
CommitDate: 2020-02-24 23:04:27 +0000

    www-client/firefox: amd64 & x86 stable (bug #709346)
    
    Bug: https://bugs.gentoo.org/709346
    Package-Manager: Portage-2.3.89, Repoman-2.3.20
    Signed-off-by: Thomas Deutschmann <whissi@gentoo.org>

 www-client/firefox/firefox-68.5.0.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

Comment 3 Thomas Deutschmann gentoo-dev Security 2020-03-02 16:01:29 UTC
*** Bug 711290 has been marked as a duplicate of this bug. ***

Comment 4 GLSAMaker/CVETool Bot gentoo-dev 2020-03-07 16:03:03 UTC
CVE-2020-6800 (https://nvd.nist.gov/vuln/detail/CVE-2020-6800):
  Mozilla developers and community members reported memory safety bugs present
  in Firefox 72 and Firefox ESR 68.4. Some of these bugs showed evidence of
  memory corruption and we presume that with enough effort some of these could
  have been exploited to run arbitrary code. In general, these flaws cannot be
  exploited through email in the Thunderbird product because scripting is
  disabled when reading mail, but are potentially risks in browser or
  browser-like contexts. This vulnerability affects Thunderbird < 68.5,
  Firefox < 73, and Firefox < ESR68.5.

CVE-2020-6799 (https://nvd.nist.gov/vuln/detail/CVE-2020-6799):
  Command line arguments could have been injected during Firefox invocation as
  a shell handler for certain unsupported file types. This required Firefox to
  be configured as the default handler for a given file type and for a file
  downloaded to be opened in a third party application that insufficiently
  sanitized URL data. In that situation, clicking a link in the third party
  application could have been used to retrieve and execute files whose
  location was supplied through command line arguments. Note: This issue only
  affects Windows operating systems and when Firefox is configured as the
  default handler for non-default filetypes. Other operating systems are
  unaffected. This vulnerability affects Firefox < 73 and Firefox < ESR68.5.

CVE-2020-6798 (https://nvd.nist.gov/vuln/detail/CVE-2020-6798):
  If a template tag was used in a select tag, the parser could be confused and
  allow JavaScript parsing and execution when it should not be allowed. A site
  that relied on the browser behaving correctly could suffer a cross-site
  scripting vulnerability as a result. In general, this flaw cannot be
  exploited through email in the Thunderbird product because scripting is
  disabled when reading mail, but is potentially a risk in browser or
  browser-like contexts. This vulnerability affects Thunderbird < 68.5,
  Firefox < 73, and Firefox < ESR68.5.

CVE-2020-6797 (https://nvd.nist.gov/vuln/detail/CVE-2020-6797):
  By downloading a file with the .fileloc extension, a semi-privileged
  extension could launch an arbitrary application on the user's computer. The
  attacker is restricted as they are unable to download non-quarantined files
  or supply command line arguments to the application, limiting the impact.
  Note: this issue only occurs on Mac OSX. Other operating systems are
  unaffected. This vulnerability affects Thunderbird < 68.5, Firefox < 73, and
  Firefox < ESR68.5.

CVE-2020-6796 (https://nvd.nist.gov/vuln/detail/CVE-2020-6796):
  A content process could have modified shared memory relating to crash
  reporting information, crash itself, and cause an out-of-bound write. This
  could have caused memory corruption and a potentially exploitable crash.
  This vulnerability affects Firefox < 73 and Firefox < ESR68.5.

Comment 5 Yury German Gentoo Infrastructure gentoo-dev Security 2020-03-07 16:26:54 UTC
arm64 please stabilize version so we can close bug.

New GLSA Request filed.

Comment 6 Mart Raudsepp gentoo-dev 2020-03-11 15:37:37 UTC
All USE=clang builds fail on arm64 for elf hacks option stuff; afaiu, Whissi is planning to fix this per our private talks, then can re-test and stable if good.
All USE=eme-free fail as well, but willing to let that slide (there's an open bug on that).

Comment 7 Thomas Deutschmann gentoo-dev Security 2020-03-11 21:48:39 UTC
Superseded by bug 712182.

Comment 8 GLSAMaker/CVETool Bot gentoo-dev 2020-03-12 19:15:00 UTC
This issue was resolved and addressed in
 GLSA 202003-02 at https://security.gentoo.org/glsa/202003-02
by GLSA coordinator Thomas Deutschmann (whissi).