Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 750446 (CVE-2020-15683, MFSA-2020-45, MFSA-2020-46, MFSA-2020-47) - <www-client/{firefox,thunderbird}{,-bin}-{78.4.0, 82.0}: Multiple vulnerabilities (MFSA-2020-{45,46,47})
Summary: <www-client/{firefox,thunderbird}{,-bin}-{78.4.0, 82.0}: Multiple vulnerabili...
Status: RESOLVED FIXED
Alias: CVE-2020-15683, MFSA-2020-45, MFSA-2020-46, MFSA-2020-47
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal major (vote)
Assignee: Gentoo Security
URL: https://www.mozilla.org/en-US/securit...
Whiteboard: A2 [glsa+ cve]
Keywords: CC-ARCHES
Depends on:
Blocks: CVE-2020-15969
  Show dependency tree
 
Reported: 2020-10-20 17:20 UTC by Sam James
Modified: 2020-10-28 00:36 UTC (History)
1 user (show)

See Also:
Package list:
www-client/firefox-78.4.0
Runtime testing required: ---
nattka: sanity-check+


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Sam James archtester gentoo-dev Security 2020-10-20 17:20:13 UTC
* CVE-2020-15969

A use-after-free bug in the usersctp library was reported upstream. We assume this could have led to memory corruption and a potentially exploitable crash.
References

* CVE-2020-15683

Mozilla developers and community members Jason Kratzer, Simon Giesecke, Philipp, and Christian Holler reported memory safety bugs present in Firefox 81 and Firefox ESR 78.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.

----
As ever, there's also https://www.mozilla.org/en-US/security/advisories/mfsa2020-45/ for Firefox 82, but they're getting handled in this bug anyway and aren't eligible for GLSA (not in stable version).
Comment 1 Larry the Git Cow gentoo-dev 2020-10-21 22:49:56 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=10f540c3334dbe5bd0a1413f890b9762ba59bca6

commit 10f540c3334dbe5bd0a1413f890b9762ba59bca6
Author:     Thomas Deutschmann <whissi@gentoo.org>
AuthorDate: 2020-10-21 22:49:05 +0000
Commit:     Thomas Deutschmann <whissi@gentoo.org>
CommitDate: 2020-10-21 22:49:05 +0000

    www-client/firefox: amd64 & x86 stable
    
    Bug: https://bugs.gentoo.org/750446
    Package-Manager: Portage-3.0.8, Repoman-3.0.2
    Signed-off-by: Thomas Deutschmann <whissi@gentoo.org>

 www-client/firefox/firefox-78.4.0.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
Comment 2 Sam James archtester gentoo-dev Security 2020-10-23 00:31:39 UTC
arm64 done

all arches done
Comment 3 Larry the Git Cow gentoo-dev 2020-10-23 00:53:20 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=23bdbb5707dd557ded7e596f4946136252016d7d

commit 23bdbb5707dd557ded7e596f4946136252016d7d
Author:     Thomas Deutschmann <whissi@gentoo.org>
AuthorDate: 2020-10-23 00:52:39 +0000
Commit:     Thomas Deutschmann <whissi@gentoo.org>
CommitDate: 2020-10-23 00:52:39 +0000

    mail-client/thunderbird-bin: security cleanup
    
    Bug: https://bugs.gentoo.org/750446
    Package-Manager: Portage-3.0.8, Repoman-3.0.2
    Signed-off-by: Thomas Deutschmann <whissi@gentoo.org>

 mail-client/thunderbird-bin/Manifest               | 132 -------
 .../thunderbird-bin/thunderbird-bin-78.3.2.ebuild  | 370 --------------------
 .../thunderbird-bin/thunderbird-bin-78.3.3.ebuild  | 378 ---------------------
 3 files changed, 880 deletions(-)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=ae4d0bfd7bf7fd323c2d43778f4908fba59fbd48

commit ae4d0bfd7bf7fd323c2d43778f4908fba59fbd48
Author:     Thomas Deutschmann <whissi@gentoo.org>
AuthorDate: 2020-10-23 00:52:15 +0000
Commit:     Thomas Deutschmann <whissi@gentoo.org>
CommitDate: 2020-10-23 00:52:15 +0000

    mail-client/thunderbird: security cleanup
    
    Bug: https://bugs.gentoo.org/750446
    Package-Manager: Portage-3.0.8, Repoman-3.0.2
    Signed-off-by: Thomas Deutschmann <whissi@gentoo.org>

 mail-client/thunderbird/Manifest                  |  131 ---
 mail-client/thunderbird/thunderbird-78.3.2.ebuild | 1016 --------------------
 mail-client/thunderbird/thunderbird-78.3.3.ebuild | 1035 ---------------------
 3 files changed, 2182 deletions(-)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=9b47149e2061daccf2dea26ada458ee2014d51da

commit 9b47149e2061daccf2dea26ada458ee2014d51da
Author:     Thomas Deutschmann <whissi@gentoo.org>
AuthorDate: 2020-10-23 00:51:06 +0000
Commit:     Thomas Deutschmann <whissi@gentoo.org>
CommitDate: 2020-10-23 00:51:06 +0000

    www-client/firefox-bin: security cleanup
    
    Bug: https://bugs.gentoo.org/750446
    Package-Manager: Portage-3.0.8, Repoman-3.0.2
    Signed-off-by: Thomas Deutschmann <whissi@gentoo.org>

 www-client/firefox-bin/Manifest                    | 291 ---------------
 .../firefox-bin/firefox-bin-78.3.1-r1.ebuild       | 403 ---------------------
 .../firefox-bin/firefox-bin-81.0.1-r1.ebuild       | 403 ---------------------
 www-client/firefox-bin/firefox-bin-81.0.2.ebuild   | 403 ---------------------
 4 files changed, 1500 deletions(-)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=4befbbed6fe0ac47b7276c672153b259251d140e

commit 4befbbed6fe0ac47b7276c672153b259251d140e
Author:     Thomas Deutschmann <whissi@gentoo.org>
AuthorDate: 2020-10-23 00:49:39 +0000
Commit:     Thomas Deutschmann <whissi@gentoo.org>
CommitDate: 2020-10-23 00:49:39 +0000

    www-client/firefox: security cleanup
    
    Bug: https://bugs.gentoo.org/750446
    Package-Manager: Portage-3.0.8, Repoman-3.0.2
    Signed-off-by: Thomas Deutschmann <whissi@gentoo.org>

 www-client/firefox/Manifest                        |  291 ------
 ...-hwaccel-prefs.js-1 => gentoo-hwaccel-prefs.js} |    0
 www-client/firefox/firefox-78.3.1.ebuild           | 1098 --------------------
 www-client/firefox/firefox-78.4.0.ebuild           |    2 +-
 www-client/firefox/firefox-81.0.1-r1.ebuild        | 1098 --------------------
 www-client/firefox/firefox-81.0.1.ebuild           | 1066 -------------------
 www-client/firefox/firefox-81.0.2.ebuild           | 1098 --------------------
 www-client/firefox/firefox-82.0.ebuild             |    2 +-
 8 files changed, 2 insertions(+), 4653 deletions(-)
Comment 4 GLSAMaker/CVETool Bot gentoo-dev 2020-10-28 00:36:54 UTC
This issue was resolved and addressed in
 GLSA 202010-08 at https://security.gentoo.org/glsa/202010-08
by GLSA coordinator Sam James (sam_c).