Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 750446 (CVE-2020-15683, MFSA-2020-45, MFSA-2020-46, MFSA-2020-47)

Summary: <www-client/{firefox,thunderbird}{,-bin}-{78.4.0, 82.0}: Multiple vulnerabilities (MFSA-2020-{45,46,47})
Product: Gentoo Security Reporter: Sam James <sam>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: major CC: mozilla
Priority: Normal Keywords: CC-ARCHES
Version: unspecifiedFlags: nattka: sanity-check+
Hardware: All   
OS: Linux   
URL: https://www.mozilla.org/en-US/security/advisories/mfsa2020-46/
Whiteboard: A2 [glsa+ cve]
Package list:
www-client/firefox-78.4.0
Runtime testing required: ---
Bug Depends on:    
Bug Blocks: 750743    

Description Sam James archtester Gentoo Infrastructure gentoo-dev Security 2020-10-20 17:20:13 UTC
* CVE-2020-15969

A use-after-free bug in the usersctp library was reported upstream. We assume this could have led to memory corruption and a potentially exploitable crash.
References

* CVE-2020-15683

Mozilla developers and community members Jason Kratzer, Simon Giesecke, Philipp, and Christian Holler reported memory safety bugs present in Firefox 81 and Firefox ESR 78.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.

----
As ever, there's also https://www.mozilla.org/en-US/security/advisories/mfsa2020-45/ for Firefox 82, but they're getting handled in this bug anyway and aren't eligible for GLSA (not in stable version).
Comment 1 Larry the Git Cow gentoo-dev 2020-10-21 22:49:56 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=10f540c3334dbe5bd0a1413f890b9762ba59bca6

commit 10f540c3334dbe5bd0a1413f890b9762ba59bca6
Author:     Thomas Deutschmann <whissi@gentoo.org>
AuthorDate: 2020-10-21 22:49:05 +0000
Commit:     Thomas Deutschmann <whissi@gentoo.org>
CommitDate: 2020-10-21 22:49:05 +0000

    www-client/firefox: amd64 & x86 stable
    
    Bug: https://bugs.gentoo.org/750446
    Package-Manager: Portage-3.0.8, Repoman-3.0.2
    Signed-off-by: Thomas Deutschmann <whissi@gentoo.org>

 www-client/firefox/firefox-78.4.0.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
Comment 2 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2020-10-23 00:31:39 UTC
arm64 done

all arches done
Comment 3 Larry the Git Cow gentoo-dev 2020-10-23 00:53:20 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=23bdbb5707dd557ded7e596f4946136252016d7d

commit 23bdbb5707dd557ded7e596f4946136252016d7d
Author:     Thomas Deutschmann <whissi@gentoo.org>
AuthorDate: 2020-10-23 00:52:39 +0000
Commit:     Thomas Deutschmann <whissi@gentoo.org>
CommitDate: 2020-10-23 00:52:39 +0000

    mail-client/thunderbird-bin: security cleanup
    
    Bug: https://bugs.gentoo.org/750446
    Package-Manager: Portage-3.0.8, Repoman-3.0.2
    Signed-off-by: Thomas Deutschmann <whissi@gentoo.org>

 mail-client/thunderbird-bin/Manifest               | 132 -------
 .../thunderbird-bin/thunderbird-bin-78.3.2.ebuild  | 370 --------------------
 .../thunderbird-bin/thunderbird-bin-78.3.3.ebuild  | 378 ---------------------
 3 files changed, 880 deletions(-)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=ae4d0bfd7bf7fd323c2d43778f4908fba59fbd48

commit ae4d0bfd7bf7fd323c2d43778f4908fba59fbd48
Author:     Thomas Deutschmann <whissi@gentoo.org>
AuthorDate: 2020-10-23 00:52:15 +0000
Commit:     Thomas Deutschmann <whissi@gentoo.org>
CommitDate: 2020-10-23 00:52:15 +0000

    mail-client/thunderbird: security cleanup
    
    Bug: https://bugs.gentoo.org/750446
    Package-Manager: Portage-3.0.8, Repoman-3.0.2
    Signed-off-by: Thomas Deutschmann <whissi@gentoo.org>

 mail-client/thunderbird/Manifest                  |  131 ---
 mail-client/thunderbird/thunderbird-78.3.2.ebuild | 1016 --------------------
 mail-client/thunderbird/thunderbird-78.3.3.ebuild | 1035 ---------------------
 3 files changed, 2182 deletions(-)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=9b47149e2061daccf2dea26ada458ee2014d51da

commit 9b47149e2061daccf2dea26ada458ee2014d51da
Author:     Thomas Deutschmann <whissi@gentoo.org>
AuthorDate: 2020-10-23 00:51:06 +0000
Commit:     Thomas Deutschmann <whissi@gentoo.org>
CommitDate: 2020-10-23 00:51:06 +0000

    www-client/firefox-bin: security cleanup
    
    Bug: https://bugs.gentoo.org/750446
    Package-Manager: Portage-3.0.8, Repoman-3.0.2
    Signed-off-by: Thomas Deutschmann <whissi@gentoo.org>

 www-client/firefox-bin/Manifest                    | 291 ---------------
 .../firefox-bin/firefox-bin-78.3.1-r1.ebuild       | 403 ---------------------
 .../firefox-bin/firefox-bin-81.0.1-r1.ebuild       | 403 ---------------------
 www-client/firefox-bin/firefox-bin-81.0.2.ebuild   | 403 ---------------------
 4 files changed, 1500 deletions(-)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=4befbbed6fe0ac47b7276c672153b259251d140e

commit 4befbbed6fe0ac47b7276c672153b259251d140e
Author:     Thomas Deutschmann <whissi@gentoo.org>
AuthorDate: 2020-10-23 00:49:39 +0000
Commit:     Thomas Deutschmann <whissi@gentoo.org>
CommitDate: 2020-10-23 00:49:39 +0000

    www-client/firefox: security cleanup
    
    Bug: https://bugs.gentoo.org/750446
    Package-Manager: Portage-3.0.8, Repoman-3.0.2
    Signed-off-by: Thomas Deutschmann <whissi@gentoo.org>

 www-client/firefox/Manifest                        |  291 ------
 ...-hwaccel-prefs.js-1 => gentoo-hwaccel-prefs.js} |    0
 www-client/firefox/firefox-78.3.1.ebuild           | 1098 --------------------
 www-client/firefox/firefox-78.4.0.ebuild           |    2 +-
 www-client/firefox/firefox-81.0.1-r1.ebuild        | 1098 --------------------
 www-client/firefox/firefox-81.0.1.ebuild           | 1066 -------------------
 www-client/firefox/firefox-81.0.2.ebuild           | 1098 --------------------
 www-client/firefox/firefox-82.0.ebuild             |    2 +-
 8 files changed, 2 insertions(+), 4653 deletions(-)
Comment 4 GLSAMaker/CVETool Bot gentoo-dev 2020-10-28 00:36:54 UTC
This issue was resolved and addressed in
 GLSA 202010-08 at https://security.gentoo.org/glsa/202010-08
by GLSA coordinator Sam James (sam_c).