Bug 721090 - <www-client/firefox{-bin}-{68.8.0,76.0}: multiple vulnerabilities (MFSA-2020-17)
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal major
Assignee: Gentoo Security
URL: https://www.mozilla.org/en-US/securit...
Whiteboard: A2 [glsa+ cve cleanup]
Keywords: CC-ARCHES
Depends on:
Blocks: CVE-2020-12387, CVE-2020-12392, CVE-2020-12394, CVE-2020-12395, CVE-2020-12396, CVE-2020-6831, MFSA-2020-16, MFSA-2020-17, MFSA-2020-18
Reported: 2020-05-05 13:41 UTC by Sam James (sec padawan)
Modified: 2020-05-12 23:40 UTC

See Also:
Package list:
www-client/firefox-68.8.0
Runtime testing required: ---
nattka: sanity-check+


Description Sam James (sec padawan) 2020-05-05 13:41:08 UTC
ESR (68.8) advisory: https://www.mozilla.org/en-US/security/advisories/mfsa2020-17
76 advisory: https://www.mozilla.org/en-US/security/advisories/mfsa2020-16/


* CVE-2020-12387

Description:
"A race condition when running shutdown code for Web Worker led to a use-after-free vulnerability. This resulted in a potentially exploitable crash."

Affects: 68.7 (ESR), 75


* CVE-2020-6831

Description:
"A buffer overflow could occur when parsing and validating SCTP chunks in WebRTC. This could have led to memory corruption and a potentially exploitable crash."

Affects: 68.7 (ESR), 75

* CVE-2020-12391

Description:
"Documents formed using data: URLs in an object element failed to inherit the CSP of the creating context. This allowed the execution of scripts that should have been blocked, albeit with a unique opaque origin."

Affects: 75

* CVE-2020-12392

Description:
"The 'Copy as cURL' feature of Devtools' network tab did not properly escape the HTTP POST data of a request, which can be controlled by the website. If a user used the 'Copy as cURL' feature and pasted the command into a terminal, it could have resulted in the disclosure of local files."

Affects: 68.7 (ESR), 75

* CVE-2020-12394

Description:
"A logic flaw in our location bar implementation could have allowed a local attacker to spoof the current location by selecting a different origin and removing focus from the input element."

Affects: 75

* CVE-2020-12395

Description:
"Mozilla developers and community members Alexandru Michis, Jason Kratzer, philipp, Ted Campbell, Bas Schouten, André Bargull, and Karl Tomlinson reported memory safety bugs present in Firefox 75 and Firefox ESR 68.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code."

Affects: 68.87(ESR), 75

* CVE-2020-12396

Description:
"Mozilla developers and community members Frederik Braun, Andrew McCreight, C.M.Chang, and Dan Minor reported memory safety bugs present in Firefox 75. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code."


Affects: 75
Comment 1 Sam James (sec padawan) 2020-05-05 13:42:47 UTC
@maintainer(s), please advise if ready for stabilisation, or call yourself
Comment 2 Larry the Git Cow gentoo-dev 2020-05-06 12:38:56 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=e7a256c5c808b69349c3f7342c65500b8e6febeb

commit e7a256c5c808b69349c3f7342c65500b8e6febeb
Author:     Thomas Deutschmann <whissi@gentoo.org>
AuthorDate: 2020-05-06 12:35:22 +0000
Commit:     Thomas Deutschmann <whissi@gentoo.org>
CommitDate: 2020-05-06 12:38:41 +0000

    www-client/firefox: amd64 & x86 stable
    
    Bug: https://bugs.gentoo.org/721090
    Package-Manager: Portage-2.3.99, Repoman-2.3.22
    Signed-off-by: Thomas Deutschmann <whissi@gentoo.org>

 www-client/firefox/firefox-68.8.0.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
Comment 3 Thomas Deutschmann gentoo-dev Security 2020-05-06 13:31:11 UTC
amd64 & x86 stable
Comment 4 Sam James (sec padawan) 2020-05-06 18:52:06 UTC
arm64 stable.

@maintainer(s), please cleanup
Comment 5 Larry the Git Cow gentoo-dev 2020-05-12 23:39:55 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=1dc2a20dc0ee5ae3905b6fbbc6f47383c4a13fb4

commit 1dc2a20dc0ee5ae3905b6fbbc6f47383c4a13fb4
Author:     Thomas Deutschmann <whissi@gentoo.org>
AuthorDate: 2020-05-12 23:39:36 +0000
Commit:     Thomas Deutschmann <whissi@gentoo.org>
CommitDate: 2020-05-12 23:39:45 +0000

    www-client/firefox-bin: security cleanup
    
    Bug: https://bugs.gentoo.org/721090
    Package-Manager: Portage-2.3.99, Repoman-2.3.22
    Signed-off-by: Thomas Deutschmann <whissi@gentoo.org>

 www-client/firefox-bin/Manifest                  | 186 --------------
 www-client/firefox-bin/firefox-bin-68.7.0.ebuild | 280 ---------------------
 www-client/firefox-bin/firefox-bin-75.0.ebuild   | 296 -----------------------
 3 files changed, 762 deletions(-)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=27ffae6590944a4015bfac825bd31ccaa4dbb7a4

commit 27ffae6590944a4015bfac825bd31ccaa4dbb7a4
Author:     Thomas Deutschmann <whissi@gentoo.org>
AuthorDate: 2020-05-12 23:39:01 +0000
Commit:     Thomas Deutschmann <whissi@gentoo.org>
CommitDate: 2020-05-12 23:39:44 +0000

    www-client/firefox: security cleanup
    
    Bug: https://bugs.gentoo.org/721090
    Package-Manager: Portage-2.3.99, Repoman-2.3.22
    Signed-off-by: Thomas Deutschmann <whissi@gentoo.org>

 www-client/firefox/Manifest                 | 186 ------
 www-client/firefox/firefox-68.7.0-r1.ebuild | 920 ---------------------------
 www-client/firefox/firefox-75.0-r3.ebuild   | 934 ----------------------------
 3 files changed, 2040 deletions(-)
Comment 6 GLSAMaker/CVETool Bot gentoo-dev 2020-05-12 23:40:03 UTC
This issue was resolved and addressed in
 GLSA 202005-04 at https://security.gentoo.org/glsa/202005-04
by GLSA coordinator Thomas Deutschmann (whissi).