
Bug 746104 (MFSA-2020-36, MFSA-2020-42)

Summary: <www-client/firefox-{80., 81.}: multiple vulnerabilities (MFSA-2020-36, MFSA-2020-42)
Product: Gentoo Security Reporter: filip ambroz <filip.ambroz>
Component: Vulnerabilities Assignee: Gentoo Security <security>
Status: RESOLVED DUPLICATE    
Severity: major CC: mozilla
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: https://www.mozilla.org/security/advisories/mfsa2020-36/
Whiteboard: A2?
Package list:
Runtime testing required: ---

Description filip ambroz 2020-10-02 08:01:43 UTC
CVE-2020-15665 (MSFA-2020-36)
--------------
Firefox did not reset the address bar after the beforeunload dialog was shown if the user chose to remain on the page. This could have resulted in an incorrect URL being shown when used in conjunction with other unexpected browser behaviors. This vulnerability affects Firefox < 80.

Links:
https://nvd.nist.gov/vuln/detail/CVE-2020-15665
https://bugzilla.mozilla.org/show_bug.cgi?id=1651636
https://www.mozilla.org/security/advisories/mfsa2020-36/


CVE-2020-15667 (MSFA-2020-36)
--------------
When processing a MAR update file, after the signature has been validated, an invalid name length could result in a heap overflow, leading to memory corruption and potentially arbitrary code execution. Within Firefox as released by Mozilla, this issue is only exploitable with the Mozilla-controlled signing key. This vulnerability affects Firefox < 80.

Links:
https://nvd.nist.gov/vuln/detail/CVE-2020-15667
https://bugzilla.mozilla.org/show_bug.cgi?id=1653371
https://www.mozilla.org/security/advisories/mfsa2020-36/


CVE-2020-15674 (MSFA-2020-42)
--------------
Mozilla developers reported memory safety bugs present in Firefox 80. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 81.

Links:
https://nvd.nist.gov/vuln/detail/CVE-2020-15674
https://bugzilla.mozilla.org/buglist.cgi?bug_id=1656063%2C1656064%2C1656067%2C1660293
https://www.mozilla.org/security/advisories/mfsa2020-42/


CVE-2020-15675 (MSFA-2020-42)
--------------
When processing surfaces, the lifetime may outlive a persistent buffer leading to memory corruption and a potentially exploitable crash. This vulnerability affects Firefox < 81.

Links:
https://nvd.nist.gov/vuln/detail/CVE-2020-15675
https://bugzilla.mozilla.org/show_bug.cgi?id=1654211
https://www.mozilla.org/security/advisories/mfsa2020-42/
Comment 1 filip ambroz 2020-10-02 08:11:48 UTC
*MFSA , need more coffee:)
Comment 2 Thomas Deutschmann (RETIRED) gentoo-dev 2020-10-02 15:04:07 UTC

*** This bug has been marked as a duplicate of bug 744208 ***