Updated firefox packages fix security vulnerabilities
Publication date: 18 Feb 2020Modification date: 18 Feb 2020
Type: security
Affected Mageia releases : 7
CVE: CVE-2020-6796 , CVE-2020-6798 , CVE-2020-6800
Description
Updated firefox packages fix security vulnerabilities: Due to a missing bounds check on shared memory read in the parent process, a content process could have modified shared memory relating to crash reporting information, crash itself, and cause an out-of-bound write. This could have caused memory corruption and a potentially exploitable crash (CVE-2020-6796). If a tag was used in a
References
- https://bugs.mageia.org/show_bug.cgi?id=26181
- https://groups.google.com/forum/#!topic/mozilla.dev.tech.nspr/lK7toqtJ96E
- https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.50_release_notes
- https://www.mozilla.org/en-US/security/advisories/mfsa2020-06/
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6796
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6798
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6800
SRPMS
7/core
- nspr-4.25-1.mga7
- nss-3.50.0-1.mga7
- firefox-68.5.0-1.mga7
- firefox-l10n-68.5.0-1.mga7