* CVE-2020-15969
  A use-after-free bug in the usersctp library was reported upstream. We assume this could have led to memory corruption and a potentially exploitable crash.

* CVE-2020-15683
  Mozilla developers and community members Jason Kratzer, Simon Giesecke, Philipp, and Christian Holler reported memory safety bugs present in Firefox 81 and Firefox ESR 78.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.

----

As ever, there's also https://www.mozilla.org/en-US/security/advisories/mfsa2020-45/ for Firefox 82, but they're getting handled in this bug anyway and aren't eligible for GLSA (not in stable version).
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=10f540c3334dbe5bd0a1413f890b9762ba59bca6

commit 10f540c3334dbe5bd0a1413f890b9762ba59bca6
Author: Thomas Deutschmann <whissi@gentoo.org>
AuthorDate: 2020-10-21 22:49:05 +0000
Commit: Thomas Deutschmann <whissi@gentoo.org>
CommitDate: 2020-10-21 22:49:05 +0000

    www-client/firefox: amd64 & x86 stable

    Bug: https://bugs.gentoo.org/750446
    Package-Manager: Portage-3.0.8, Repoman-3.0.2
    Signed-off-by: Thomas Deutschmann <whissi@gentoo.org>

 www-client/firefox/firefox-78.4.0.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
arm64 done

all arches done
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=23bdbb5707dd557ded7e596f4946136252016d7d

commit 23bdbb5707dd557ded7e596f4946136252016d7d
Author: Thomas Deutschmann <whissi@gentoo.org>
AuthorDate: 2020-10-23 00:52:39 +0000
Commit: Thomas Deutschmann <whissi@gentoo.org>
CommitDate: 2020-10-23 00:52:39 +0000

    mail-client/thunderbird-bin: security cleanup

    Bug: https://bugs.gentoo.org/750446
    Package-Manager: Portage-3.0.8, Repoman-3.0.2
    Signed-off-by: Thomas Deutschmann <whissi@gentoo.org>

 mail-client/thunderbird-bin/Manifest | 132 -------
 .../thunderbird-bin/thunderbird-bin-78.3.2.ebuild | 370 --------------------
 .../thunderbird-bin/thunderbird-bin-78.3.3.ebuild | 378 ---------------------
 3 files changed, 880 deletions(-)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=ae4d0bfd7bf7fd323c2d43778f4908fba59fbd48

commit ae4d0bfd7bf7fd323c2d43778f4908fba59fbd48
Author: Thomas Deutschmann <whissi@gentoo.org>
AuthorDate: 2020-10-23 00:52:15 +0000
Commit: Thomas Deutschmann <whissi@gentoo.org>
CommitDate: 2020-10-23 00:52:15 +0000

    mail-client/thunderbird: security cleanup

    Bug: https://bugs.gentoo.org/750446
    Package-Manager: Portage-3.0.8, Repoman-3.0.2
    Signed-off-by: Thomas Deutschmann <whissi@gentoo.org>

 mail-client/thunderbird/Manifest | 131 ---
 mail-client/thunderbird/thunderbird-78.3.2.ebuild | 1016 --------------------
 mail-client/thunderbird/thunderbird-78.3.3.ebuild | 1035 ---------------------
 3 files changed, 2182 deletions(-)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=9b47149e2061daccf2dea26ada458ee2014d51da

commit 9b47149e2061daccf2dea26ada458ee2014d51da
Author: Thomas Deutschmann <whissi@gentoo.org>
AuthorDate: 2020-10-23 00:51:06 +0000
Commit: Thomas Deutschmann <whissi@gentoo.org>
CommitDate: 2020-10-23 00:51:06 +0000

    www-client/firefox-bin: security cleanup

    Bug: https://bugs.gentoo.org/750446
    Package-Manager: Portage-3.0.8, Repoman-3.0.2
    Signed-off-by: Thomas Deutschmann <whissi@gentoo.org>

 www-client/firefox-bin/Manifest | 291 ---------------
 .../firefox-bin/firefox-bin-78.3.1-r1.ebuild | 403 ---------------------
 .../firefox-bin/firefox-bin-81.0.1-r1.ebuild | 403 ---------------------
 www-client/firefox-bin/firefox-bin-81.0.2.ebuild | 403 ---------------------
 4 files changed, 1500 deletions(-)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=4befbbed6fe0ac47b7276c672153b259251d140e

commit 4befbbed6fe0ac47b7276c672153b259251d140e
Author: Thomas Deutschmann <whissi@gentoo.org>
AuthorDate: 2020-10-23 00:49:39 +0000
Commit: Thomas Deutschmann <whissi@gentoo.org>
CommitDate: 2020-10-23 00:49:39 +0000

    www-client/firefox: security cleanup

    Bug: https://bugs.gentoo.org/750446
    Package-Manager: Portage-3.0.8, Repoman-3.0.2
    Signed-off-by: Thomas Deutschmann <whissi@gentoo.org>

 www-client/firefox/Manifest | 291 ------
 ...-hwaccel-prefs.js-1 => gentoo-hwaccel-prefs.js} | 0
 www-client/firefox/firefox-78.3.1.ebuild | 1098 --------------------
 www-client/firefox/firefox-78.4.0.ebuild | 2 +-
 www-client/firefox/firefox-81.0.1-r1.ebuild | 1098 --------------------
 www-client/firefox/firefox-81.0.1.ebuild | 1066 -------------------
 www-client/firefox/firefox-81.0.2.ebuild | 1098 --------------------
 www-client/firefox/firefox-82.0.ebuild | 2 +-
 8 files changed, 2 insertions(+), 4653 deletions(-)
This issue was resolved and addressed in GLSA 202010-08 at https://security.gentoo.org/glsa/202010-08 by GLSA coordinator Sam James (sam_c).