Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 727120 (CVE-2020-12405, CVE-2020-12406, CVE-2020-12410)

Summary: [Tracker] Multiple vulnerabilities in Mozilla products
Product: Gentoo Security Reporter: Sam James <sam>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: normal CC: mozilla
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
Whiteboard: A2 [cve]
Package list:
Runtime testing required: ---
Bug Depends on: 726844, 727118    
Bug Blocks:    

Description Sam James archtester Gentoo Infrastructure gentoo-dev Security 2020-06-04 12:34:59 UTC 
Common CVEs.

* CVE-2020-12405

Description:
"When browsing a malicious page, a race condition in our SharedWorkerService could occur and lead to a potentially exploitable crash."

* CVE-2020-12406

Description:
"Mozilla developer Iain Ireland discovered a missing type check during unboxed objects removal, resulting in a crash. We presume that with enough effort that it could be exploited to run arbitrary code."