Bug 746104 (MFSA-2020-36, MFSA-2020-42) - <www-client/firefox-{80., 81.}: multiple vulnerabilities (MFSA-2020-36, MFSA-2020-42)
Status: RESOLVED DUPLICATE of bug 744208
Alias: MFSA-2020-36, MFSA-2020-42
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal major
Assignee: Gentoo Security
Whiteboard: A2?
Depends on:
Reported: 2020-10-02 08:01 UTC by filip ambroz
Modified: 2020-10-02 15:04 UTC

See Also:
Package list:
Runtime testing required: ---


Description filip ambroz 2020-10-02 08:01:43 UTC
CVE-2020-15665 (MSFA-2020-36)
Firefox did not reset the address bar after the beforeunload dialog was shown if the user chose to remain on the page. This could have resulted in an incorrect URL being shown when used in conjunction with other unexpected browser behaviors. This vulnerability affects Firefox < 80.


CVE-2020-15667 (MSFA-2020-36)
When processing a MAR update file, after the signature has been validated, an invalid name length could result in a heap overflow, leading to memory corruption and potentially arbitrary code execution. Within Firefox as released by Mozilla, this issue is only exploitable with the Mozilla-controlled signing key. This vulnerability affects Firefox < 80.


CVE-2020-15674 (MSFA-2020-42)
Mozilla developers reported memory safety bugs present in Firefox 80. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 81.


CVE-2020-15675 (MSFA-2020-42)
When processing surfaces, the lifetime may outlive a persistent buffer leading to memory corruption and a potentially exploitable crash. This vulnerability affects Firefox < 81.

Comment 1 filip ambroz 2020-10-02 08:11:48 UTC
*MFSA, need more coffee :)
Comment 2 Thomas Deutschmann gentoo-dev Security 2020-10-02 15:04:07 UTC

*** This bug has been marked as a duplicate of bug 744208 ***