1) CVE-2020-6819 Description: "Under certain conditions, when running the nsDocShell destructor, a race condition can cause a use-after-free. We are aware of targeted attacks in the wild abusing this flaw." Bug (restricted): https://bugzilla.mozilla.org/show_bug.cgi?id=1620818 2) CVE-2020-6820 Description: "Under certain conditions, when handling a ReadableStream, a race condition can cause a use-after-free. We are aware of targeted attacks in the wild abusing this flaw." Bug (restricted): https://bugzilla.mozilla.org/show_bug.cgi?id=1626728 --- Both bugs are fixed in 74.0.1, 68.6.1.
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d43bf3b3a985e4abe8742f909a4b30fbc9de42a2 commit d43bf3b3a985e4abe8742f909a4b30fbc9de42a2 Author: Thomas Deutschmann <whissi@gentoo.org> AuthorDate: 2020-04-04 10:40:31 +0000 Commit: Thomas Deutschmann <whissi@gentoo.org> CommitDate: 2020-04-04 10:52:49 +0000 www-client/firefox: bump to v74.0.1 Bug: https://bugs.gentoo.org/716098 Package-Manager: Portage-2.3.96, Repoman-2.3.22 Signed-off-by: Thomas Deutschmann <whissi@gentoo.org> www-client/firefox/Manifest | 92 +++ www-client/firefox/firefox-74.0.1.ebuild | 927 +++++++++++++++++++++++++++++++ 2 files changed, 1019 insertions(+) https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=98af9c50c8ce90657c3f9d6eac4cc6f4891c3019 commit 98af9c50c8ce90657c3f9d6eac4cc6f4891c3019 Author: Thomas Deutschmann <whissi@gentoo.org> AuthorDate: 2020-04-04 10:38:42 +0000 Commit: Thomas Deutschmann <whissi@gentoo.org> CommitDate: 2020-04-04 10:52:48 +0000 www-client/firefox: bump to v68.6.1 Bug: https://bugs.gentoo.org/716098 Package-Manager: Portage-2.3.96, Repoman-2.3.22 Signed-off-by: Thomas Deutschmann <whissi@gentoo.org> www-client/firefox/Manifest | 92 ++++ www-client/firefox/firefox-68.6.1.ebuild | 910 +++++++++++++++++++++++++++++++ 2 files changed, 1002 insertions(+) https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c50696d8c31b793d5d8b1555f822f45c16be0c89 commit c50696d8c31b793d5d8b1555f822f45c16be0c89 Author: Thomas Deutschmann <whissi@gentoo.org> AuthorDate: 2020-04-04 10:34:10 +0000 Commit: Thomas Deutschmann <whissi@gentoo.org> CommitDate: 2020-04-04 10:52:47 +0000 www-client/firefox-bin: bump to v74.0.1 Bug: https://bugs.gentoo.org/716098 Package-Manager: Portage-2.3.96, Repoman-2.3.22 Signed-off-by: Thomas Deutschmann <whissi@gentoo.org> www-client/firefox-bin/Manifest | 93 +++++++ www-client/firefox-bin/firefox-bin-74.0.1.ebuild | 296 +++++++++++++++++++++++ 2 files changed, 389 insertions(+) https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=2936f91bc9851cfebcb4c0847c9566f482091d3e commit 2936f91bc9851cfebcb4c0847c9566f482091d3e Author: Thomas Deutschmann <whissi@gentoo.org> AuthorDate: 2020-04-04 10:30:58 +0000 Commit: Thomas Deutschmann <whissi@gentoo.org> CommitDate: 2020-04-04 10:52:47 +0000 www-client/firefox-bin: bump to v68.6.1 Bug: https://bugs.gentoo.org/716098 Package-Manager: Portage-2.3.96, Repoman-2.3.22 Signed-off-by: Thomas Deutschmann <whissi@gentoo.org> www-client/firefox-bin/Manifest | 93 ++++++++ www-client/firefox-bin/firefox-bin-68.6.1.ebuild | 280 +++++++++++++++++++++++ 2 files changed, 373 insertions(+)
New GLSA request filed.
This issue was resolved and addressed in GLSA 202004-07 at https://security.gentoo.org/glsa/202004-07 by GLSA coordinator Thomas Deutschmann (whissi).
Re-opening for remaining architectures.
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=e1da500bdb0fe6106b421c697e79a33ca49a6dbc commit e1da500bdb0fe6106b421c697e79a33ca49a6dbc Author: Thomas Deutschmann <whissi@gentoo.org> AuthorDate: 2020-04-04 11:49:40 +0000 Commit: Thomas Deutschmann <whissi@gentoo.org> CommitDate: 2020-04-04 11:49:52 +0000 www-client/firefox: amd64 & x86 stable (bug #716098) Bug: https://bugs.gentoo.org/716098 Package-Manager: Portage-2.3.96, Repoman-2.3.22 Signed-off-by: Thomas Deutschmann <whissi@gentoo.org> www-client/firefox/firefox-68.6.1.ebuild | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
amd64 & x86 stable
arm64 stable
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=9c2dce974f4448159a4c69c2a74436f83b54598b commit 9c2dce974f4448159a4c69c2a74436f83b54598b Author: Thomas Deutschmann <whissi@gentoo.org> AuthorDate: 2020-04-05 15:12:08 +0000 Commit: Thomas Deutschmann <whissi@gentoo.org> CommitDate: 2020-04-05 15:12:08 +0000 www-client/firefox-bin: security cleanup Bug: https://bugs.gentoo.org/716098 Package-Manager: Portage-2.3.96, Repoman-2.3.22 Signed-off-by: Thomas Deutschmann <whissi@gentoo.org> www-client/firefox-bin/Manifest | 186 ------------- .../firefox-bin/firefox-bin-68.6.0-r2.ebuild | 280 ------------------- www-client/firefox-bin/firefox-bin-74.0-r2.ebuild | 296 --------------------- 3 files changed, 762 deletions(-) https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=29810e5eedcee66c46e8fa28d3a733e74e37e573 commit 29810e5eedcee66c46e8fa28d3a733e74e37e573 Author: Thomas Deutschmann <whissi@gentoo.org> AuthorDate: 2020-04-05 15:11:28 +0000 Commit: Thomas Deutschmann <whissi@gentoo.org> CommitDate: 2020-04-05 15:11:28 +0000 www-client/firefox: security cleanup Bug: https://bugs.gentoo.org/716098 Package-Manager: Portage-2.3.96, Repoman-2.3.22 Signed-off-by: Thomas Deutschmann <whissi@gentoo.org> www-client/firefox/Manifest | 185 ------ www-client/firefox/firefox-68.6.0-r4.ebuild | 910 --------------------------- www-client/firefox/firefox-74.0-r3.ebuild | 927 ---------------------------- 3 files changed, 2022 deletions(-)
All done, repository is clean!