CVE-2020-15665 (MSFA-2020-36) -------------- Firefox did not reset the address bar after the beforeunload dialog was shown if the user chose to remain on the page. This could have resulted in an incorrect URL being shown when used in conjunction with other unexpected browser behaviors. This vulnerability affects Firefox < 80. Links: https://nvd.nist.gov/vuln/detail/CVE-2020-15665 https://bugzilla.mozilla.org/show_bug.cgi?id=1651636 https://www.mozilla.org/security/advisories/mfsa2020-36/ CVE-2020-15667 (MSFA-2020-36) -------------- When processing a MAR update file, after the signature has been validated, an invalid name length could result in a heap overflow, leading to memory corruption and potentially arbitrary code execution. Within Firefox as released by Mozilla, this issue is only exploitable with the Mozilla-controlled signing key. This vulnerability affects Firefox < 80. Links: https://nvd.nist.gov/vuln/detail/CVE-2020-15667 https://bugzilla.mozilla.org/show_bug.cgi?id=1653371 https://www.mozilla.org/security/advisories/mfsa2020-36/ CVE-2020-15674 (MSFA-2020-42) -------------- Mozilla developers reported memory safety bugs present in Firefox 80. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 81. Links: https://nvd.nist.gov/vuln/detail/CVE-2020-15674 https://bugzilla.mozilla.org/buglist.cgi?bug_id=1656063%2C1656064%2C1656067%2C1660293 https://www.mozilla.org/security/advisories/mfsa2020-42/ CVE-2020-15675 (MSFA-2020-42) -------------- When processing surfaces, the lifetime may outlive a persistent buffer leading to memory corruption and a potentially exploitable crash. This vulnerability affects Firefox < 81. Links: https://nvd.nist.gov/vuln/detail/CVE-2020-15675 https://bugzilla.mozilla.org/show_bug.cgi?id=1654211 https://www.mozilla.org/security/advisories/mfsa2020-42/
*MFSA , need more coffee:)
*** This bug has been marked as a duplicate of bug 744208 ***