Bug 721090

Summary:	<www-client/firefox{-bin}-{68.8.0,76.0}: multiple vulnerabilities (MFSA-2020-17)
Product:	Gentoo Security	Reporter:	Sam James <sam>
Component:	Vulnerabilities	Assignee:	Gentoo Security <security>
Status:	RESOLVED FIXED
Severity:	major	CC:	mozilla
Priority:	Normal	Keywords:	CC-ARCHES
Version:	unspecified	Flags:	nattka: sanity-check+
Hardware:	All
OS:	Linux
URL:	https://www.mozilla.org/en-US/security/advisories/mfsa2020-17/
Whiteboard:	A2 [glsa+ cve cleanup]
Package list:	www-client/firefox-68.8.0	Runtime testing required:	---
Bug Depends on:
Bug Blocks:	721322

Description Sam James archtester

2020-05-05 13:41:08 UTC

ESR (68.8) advisory: https://www.mozilla.org/en-US/security/advisories/mfsa2020-17
76 advisory: https://www.mozilla.org/en-US/security/advisories/mfsa2020-16/


* CVE-2020-12387

Description:
"A race condition when running shutdown code for Web Worker led to a use-after-free vulnerability. This resulted in a potentially exploitable crash."

Affects: 68.7 (ESR), 75


* CVE-2020-6831

Description:
"A buffer overflow could occur when parsing and validating SCTP chunks in WebRTC. This could have led to memory corruption and a potentially exploitable crash."

Affects: 68.7 (ESR), 75

* CVE-2020-12391

Description:
"Documents formed using data: URLs in an object element failed to inherit the CSP of the creating context. This allowed the execution of scripts that should have been blocked, albeit with a unique opaque origin."

Affects: 75

* CVE-2020-12392

Description:
"The 'Copy as cURL' feature of Devtools' network tab did not properly escape the HTTP POST data of a request, which can be controlled by the website. If a user used the 'Copy as cURL' feature and pasted the command into a terminal, it could have resulted in the disclosure of local files."

Affects: 68.7 (ESR), 75

* CVE-2020-12394

Description:
"A logic flaw in our location bar implementation could have allowed a local attacker to spoof the current location by selecting a different origin and removing focus from the input element."

Affects: 75

* CVE-2020-12395

Description:
"Mozilla developers and community members Alexandru Michis, Jason Kratzer, philipp, Ted Campbell, Bas Schouten, André Bargull, and Karl Tomlinson reported memory safety bugs present in Firefox 75 and Firefox ESR 68.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code."

Affects: 68.87(ESR), 75

* CVE-2020-12396

Description:
"Mozilla developers and community members Frederik Braun, Andrew McCreight, C.M.Chang, and Dan Minor reported memory safety bugs present in Firefox 75. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code."


Affects: 75

Comment 1 Sam James archtester

2020-05-05 13:42:47 UTC

@maintainer(s), please advise if ready for stabilisation, or call yourself

Comment 2 Larry the Git Cow gentoo-dev

2020-05-06 12:38:56 UTC

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=e7a256c5c808b69349c3f7342c65500b8e6febeb

commit e7a256c5c808b69349c3f7342c65500b8e6febeb
Author:     Thomas Deutschmann <whissi@gentoo.org>
AuthorDate: 2020-05-06 12:35:22 +0000
Commit:     Thomas Deutschmann <whissi@gentoo.org>
CommitDate: 2020-05-06 12:38:41 +0000

    www-client/firefox: amd64 & x86 stable
    
    Bug: https://bugs.gentoo.org/721090
    Package-Manager: Portage-2.3.99, Repoman-2.3.22
    Signed-off-by: Thomas Deutschmann <whissi@gentoo.org>

 www-client/firefox/firefox-68.8.0.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

Comment 3 Thomas Deutschmann (RETIRED) gentoo-dev

2020-05-06 13:31:11 UTC

amd64 & x86 stable

Comment 4 Sam James archtester

2020-05-06 18:52:06 UTC

arm64 stable.

@maintainer(s), please cleanup

Comment 5 Larry the Git Cow gentoo-dev

2020-05-12 23:39:55 UTC

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=1dc2a20dc0ee5ae3905b6fbbc6f47383c4a13fb4

commit 1dc2a20dc0ee5ae3905b6fbbc6f47383c4a13fb4
Author:     Thomas Deutschmann <whissi@gentoo.org>
AuthorDate: 2020-05-12 23:39:36 +0000
Commit:     Thomas Deutschmann <whissi@gentoo.org>
CommitDate: 2020-05-12 23:39:45 +0000

    www-client/firefox-bin: security cleanup
    
    Bug: https://bugs.gentoo.org/721090
    Package-Manager: Portage-2.3.99, Repoman-2.3.22
    Signed-off-by: Thomas Deutschmann <whissi@gentoo.org>

 www-client/firefox-bin/Manifest                  | 186 --------------
 www-client/firefox-bin/firefox-bin-68.7.0.ebuild | 280 ---------------------
 www-client/firefox-bin/firefox-bin-75.0.ebuild   | 296 -----------------------
 3 files changed, 762 deletions(-)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=27ffae6590944a4015bfac825bd31ccaa4dbb7a4

commit 27ffae6590944a4015bfac825bd31ccaa4dbb7a4
Author:     Thomas Deutschmann <whissi@gentoo.org>
AuthorDate: 2020-05-12 23:39:01 +0000
Commit:     Thomas Deutschmann <whissi@gentoo.org>
CommitDate: 2020-05-12 23:39:44 +0000

    www-client/firefox: security cleanup
    
    Bug: https://bugs.gentoo.org/721090
    Package-Manager: Portage-2.3.99, Repoman-2.3.22
    Signed-off-by: Thomas Deutschmann <whissi@gentoo.org>

 www-client/firefox/Manifest                 | 186 ------
 www-client/firefox/firefox-68.7.0-r1.ebuild | 920 ---------------------------
 www-client/firefox/firefox-75.0-r3.ebuild   | 934 ----------------------------
 3 files changed, 2040 deletions(-)

Comment 6 GLSAMaker/CVETool Bot gentoo-dev

2020-05-12 23:40:03 UTC

This issue was resolved and addressed in
 GLSA 202005-04 at https://security.gentoo.org/glsa/202005-04
by GLSA coordinator Thomas Deutschmann (whissi).