Advisories ยป MGASA-2020-0141

Updated firefox packages fix security vulnerabilities

Publication date: 14 Mar 2020
Type: security
Affected Mageia releases : 7
CVE: CVE-2019-20503 , CVE-2020-6805 , CVE-2020-6806 , CVE-2020-6807 , CVE-2020-6811 , CVE-2020-6812 , CVE-2020-6814

Description

Updated firefox packages fix security vulnerabilities:

The inputs to sctp_load_addresses_from_init are verified by
sctp_arethere_unrecognized_parameters; however, the two functions
handled parameter bounds differently, resulting in out of bounds
reads when parameters are partially outside a chunk (CVE-2019-20503).

When removing data about an origin whose tab was recently closed,
a use-after-free could occur in the Quota manager, resulting in a
potentially exploitable crash (CVE-2020-6805).

By carefully crafting promise resolutions, it was possible to cause an
out-of-bounds read off the end of an array resized during script execution.
This could have led to memory corruption and a potentially exploitable
crash (CVE-2020-6806).

When a device was changed while a stream was about to be destroyed, the
stream-reinit task may have been executed after the stream was destroyed,
causing a use-after-free and a potentially exploitable crash
(CVE-2020-6807).

The 'Copy as cURL' feature of Devtools' network tab did not properly escape
the HTTP method of a request, which can be controlled by the website. If a
user used the 'Copy as Curl' feature and pasted the command into a terminal,
it could have resulted in command injection and arbitrary command execution
(CVE-2020-6811).

The first time AirPods are connected to an iPhone, they become named after
the user's name by default (e.g. Jane Doe's AirPods.) Websites with camera
or microphone permission are able to enumerate device names, disclosing the
user's name. To resolve this issue, Firefox added a special case that
renames devices containing the substring 'AirPods' to simply 'AirPods'
(CVE-2020-6812).

Mozilla developers and community members Byron Campen, Jason Kratzer, and
Christian Holler reported memory safety bugs present in Firefox 73 and
Firefox ESR 68.5. Some of these bugs showed evidence of memory corruption
and we presume that with enough effort some of these could have been
exploited to run arbitrary code (CVE-2020-6814).

nss has been updated to 3.51 fixing various bugs and crashes.
                

References

SRPMS

7/core