Bug 705000 (CVE-2019-17016, CVE-2019-17017, CVE-2019-17022, CVE-2019-17024, CVE-2019-17026, MFSA-2020-02, MFSA-2020-03) - <www-client/firefox{,-bin}-68.4.1: multiple vulnerabilities (MFSA-2020-{02,03})
Summary: <www-client/firefox{,-bin}-68.4.1: multiple vulnerabilities (MFSA-2020-{02,03})
Status: RESOLVED FIXED
Alias: CVE-2019-17016, CVE-2019-17017, CVE-2019-17022, CVE-2019-17024, CVE-2019-17026, MFSA-2020-02, MFSA-2020-03
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal normal
Assignee: Gentoo Security
URL: https://www.mozilla.org/en-US/securit...
Whiteboard: A2 [glsa+ cve]
Keywords:
Depends on: CVE-2020-6796, CVE-2020-6797, CVE-2020-6799, MFSA-2020-06
Blocks:
Reported: 2020-01-08 19:01 UTC by Hanno Böck
Modified: 2020-03-12 19:14 UTC

See Also:
Package list:
www-client/firefox-68.4.2
Runtime testing required: ---
stable-bot: sanity-check+


Description Hanno Böck gentoo-dev 2020-01-08 19:01:37 UTC
Mozilla announced a type confusion vuln in Firefox before 72.0.1 and 68.4.1:
https://www.mozilla.org/en-US/security/advisories/mfsa2020-03/

They say: "We are aware of targeted attacks in the wild abusing this flaw."
Comment 1 Larry the Git Cow gentoo-dev 2020-01-08 19:57:31 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=428ac3e38385b44a42ead0629a4b1278c6597d3e

commit 428ac3e38385b44a42ead0629a4b1278c6597d3e
Author:     Thomas Deutschmann <whissi@gentoo.org>
AuthorDate: 2020-01-08 19:48:13 +0000
Commit:     Thomas Deutschmann <whissi@gentoo.org>
CommitDate: 2020-01-08 19:57:18 +0000

    www-client/firefox-bin: bump to v68.4.1
    
    Bug: https://bugs.gentoo.org/705000
    Package-Manager: Portage-2.3.84, Repoman-2.3.20
    Signed-off-by: Thomas Deutschmann <whissi@gentoo.org>

 www-client/firefox-bin/Manifest                    | 186 ++++++++++-----------
 ...bin-68.4.0.ebuild => firefox-bin-68.4.1.ebuild} |   0
 2 files changed, 93 insertions(+), 93 deletions(-)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=52d25a2b63a3bfec3286b49c806fe14d99478561

commit 52d25a2b63a3bfec3286b49c806fe14d99478561
Author:     Thomas Deutschmann <whissi@gentoo.org>
AuthorDate: 2020-01-08 19:45:13 +0000
Commit:     Thomas Deutschmann <whissi@gentoo.org>
CommitDate: 2020-01-08 19:57:17 +0000

    www-client/firefox-bin: bump to v72.0.1
    
    Bug: https://bugs.gentoo.org/705000
    Package-Manager: Portage-2.3.84, Repoman-2.3.20
    Signed-off-by: Thomas Deutschmann <whissi@gentoo.org>

 www-client/firefox-bin/Manifest                    | 186 ++++++++++-----------
 ...x-bin-72.0.ebuild => firefox-bin-72.0.1.ebuild} |   0
 2 files changed, 93 insertions(+), 93 deletions(-)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=59f51c34a211a1e87693fc07a00a3613e384dd79

commit 59f51c34a211a1e87693fc07a00a3613e384dd79
Author:     Thomas Deutschmann <whissi@gentoo.org>
AuthorDate: 2020-01-08 19:43:07 +0000
Commit:     Thomas Deutschmann <whissi@gentoo.org>
CommitDate: 2020-01-08 19:57:15 +0000

    www-client/firefox: bump to v68.4.1
    
    Bug: https://bugs.gentoo.org/705000
    Package-Manager: Portage-2.3.84, Repoman-2.3.20
    Signed-off-by: Thomas Deutschmann <whissi@gentoo.org>

 www-client/firefox/Manifest                        | 184 ++++++++++-----------
 ...firefox-68.4.0.ebuild => firefox-68.4.1.ebuild} |   0
 2 files changed, 92 insertions(+), 92 deletions(-)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=aa1e9e29d03bf63d0f17a507b646e8449d28af0b

commit aa1e9e29d03bf63d0f17a507b646e8449d28af0b
Author:     Thomas Deutschmann <whissi@gentoo.org>
AuthorDate: 2020-01-08 19:39:34 +0000
Commit:     Thomas Deutschmann <whissi@gentoo.org>
CommitDate: 2020-01-08 19:57:14 +0000

    www-client/firefox: bump to v72.0.1
    
    Bug: https://bugs.gentoo.org/705000
    Package-Manager: Portage-2.3.84, Repoman-2.3.20
    Signed-off-by: Thomas Deutschmann <whissi@gentoo.org>

 www-client/firefox/Manifest                        | 184 ++++++++++-----------
 .../{firefox-72.0.ebuild => firefox-72.0.1.ebuild} |   0
 2 files changed, 92 insertions(+), 92 deletions(-)
Comment 2 Thomas Deutschmann gentoo-dev Security 2020-01-08 20:02:46 UTC
From https://www.mozilla.org/en-US/security/advisories/MFSA-2020-02/:

CVE-2019-17016: Bypass of @namespace CSS sanitization during pasting

Impact
    high

Description

When pasting a <style> tag from the clipboard into a rich text editor, the CSS sanitizer incorrectly rewrites a @namespace rule. This could allow for injection into certain types of websites resulting in data exfiltration.


CVE-2019-17017: Type Confusion in XPCVariant.cpp

Impact
    high

Description

Due to a missing case handling object types, a type confusion vulnerability could occur, resulting in a crash. We presume that with enough effort that it could be exploited to run arbitrary code.


CVE-2019-17022: CSS sanitization does not escape HTML tags

Impact
    moderate

Description

When pasting a <style> tag from the clipboard into a rich text editor, the CSS sanitizer does not escape < and > characters. Because the resulting string is pasted directly into the text node of the element this does not result in a direct injection into the webpage; however, if a webpage subsequently copies the node's innerHTML, assigning it to another innerHTML, this would result in an XSS vulnerability. Two WYSIWYG editors were identified with this behavior, more may exist.


CVE-2019-17024: Memory safety bugs fixed in Firefox 72 and Firefox ESR 68.4

Impact
    high

Description

Mozilla developers Jason Kratzer, Christian Holler, and Bob Clary reported memory safety bugs present in Firefox 71 and Firefox ESR 68.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.
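
The innerHTML round trip described for CVE-2019-17022, as an added example that is not part of the advisory or of this bug report: a simplified JavaScript model of the HTML serialization rule that emits text inside `<style>` unescaped, with a check an editor could run before copying innerHTML. It is not a real DOM; the node shapes, function names and sample content are assumptions constructed for illustration.

```javascript
// Added example: simplified model of HTML fragment serialization (not a real DOM).
// Hypothetical node shapes: { tag, children: [...] } for elements, { text } for text nodes.

// Elements whose text children the HTML serialization algorithm emits without escaping.
const RAW_TEXT = new Set(["style", "script", "xmp", "iframe", "noembed", "noframes", "plaintext"]);

function escapeText(s) {
  return s.replace(/&/g, "&amp;").replace(/</g, "&lt;").replace(/>/g, "&gt;");
}

// Models reading element.innerHTML.
function innerHTML(el) {
  return el.children.map((c) => {
    if ("text" in c) return RAW_TEXT.has(el.tag) ? c.text : escapeText(c.text);
    return `<${c.tag}>${innerHTML(c)}</${c.tag}>`;
  }).join("");
}

// Reports raw-text elements whose text contains their own end-tag opener:
// re-parsing the serialized output would close the element early at that point.
function findRoundTripHazards(el, path = el.tag) {
  const hazards = [];
  for (const c of el.children) {
    if ("text" in c) {
      if (RAW_TEXT.has(el.tag) && c.text.toLowerCase().includes(`</${el.tag}`)) {
        hazards.push(path);
      }
    } else {
      hazards.push(...findRoundTripHazards(c, `${path} > ${c.tag}`));
    }
  }
  return hazards;
}

// Constructed sample: editor content after a paste whose CSS kept "<" and ">".
const pasted = {
  tag: "div",
  children: [
    { tag: "p", children: [{ text: "a < b" }] },
    { tag: "style", children: [{ text: "p{color:red}</style><b>markup</b>" }] },
  ],
};
```

In a browser, copying the subtree with `cloneNode(true)` instead of assigning one innerHTML to another avoids the serialize and re-parse step altogether.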
Comment 3 Thomas Deutschmann gentoo-dev Security 2020-01-08 20:41:06 UTC
amd64 & x86 stable
Comment 4 Thomas Deutschmann gentoo-dev Security 2020-02-24 23:05:54 UTC
Superseded by bug 709346.
Comment 5 GLSAMaker/CVETool Bot gentoo-dev 2020-03-12 19:14:52 UTC
This issue was resolved and addressed in
 GLSA 202003-02 at https://security.gentoo.org/glsa/202003-02
by GLSA coordinator Thomas Deutschmann (whissi).