Bug 746104 (MFSA-2020-36, MFSA-2020-42) - <www-client/firefox-{80., 81.}: multiple vulnerabilities (MFSA-2020-36, MFSA-2020-42)
Status: RESOLVED DUPLICATE of bug 744208
Alias: MFSA-2020-36, MFSA-2020-42
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal major
Assignee: Gentoo Security
URL: https://www.mozilla.org/security/advi...
Whiteboard: A2?
Reported: 2020-10-02 08:01 UTC by filip ambroz
Modified: 2020-10-02 15:04 UTC
Description filip ambroz 2020-10-02 08:01:43 UTC
CVE-2020-15665 (MSFA-2020-36)
--------------
Firefox did not reset the address bar after the beforeunload dialog was shown if the user chose to remain on the page. This could have resulted in an incorrect URL being shown when used in conjunction with other unexpected browser behaviors. This vulnerability affects Firefox < 80.

Links:
https://nvd.nist.gov/vuln/detail/CVE-2020-15665
https://bugzilla.mozilla.org/show_bug.cgi?id=1651636
https://www.mozilla.org/security/advisories/mfsa2020-36/


CVE-2020-15667 (MSFA-2020-36)
--------------
When processing a MAR update file, after the signature has been validated, an invalid name length could result in a heap overflow, leading to memory corruption and potentially arbitrary code execution. Within Firefox as released by Mozilla, this issue is only exploitable with the Mozilla-controlled signing key. This vulnerability affects Firefox < 80.

Links:
https://nvd.nist.gov/vuln/detail/CVE-2020-15667
https://bugzilla.mozilla.org/show_bug.cgi?id=1653371
https://www.mozilla.org/security/advisories/mfsa2020-36/


CVE-2020-15674 (MSFA-2020-42)
--------------
Mozilla developers reported memory safety bugs present in Firefox 80. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 81.

Links:
https://nvd.nist.gov/vuln/detail/CVE-2020-15674
https://bugzilla.mozilla.org/buglist.cgi?bug_id=1656063%2C1656064%2C1656067%2C1660293
https://www.mozilla.org/security/advisories/mfsa2020-42/


CVE-2020-15675 (MSFA-2020-42)
--------------
When processing surfaces, the lifetime may outlive a persistent buffer leading to memory corruption and a potentially exploitable crash. This vulnerability affects Firefox < 81.

Links:
https://nvd.nist.gov/vuln/detail/CVE-2020-15675
https://bugzilla.mozilla.org/show_bug.cgi?id=1654211
https://www.mozilla.org/security/advisories/mfsa2020-42/
Comment 1 filip ambroz 2020-10-02 08:11:48 UTC
*MFSA , need more coffee:)
Comment 2 Thomas Deutschmann gentoo-dev Security 2020-10-02 15:04:07 UTC

*** This bug has been marked as a duplicate of bug 744208 ***