Advisories » MGASA-2020-0421

Updated firefox and thunderbird packages fix a security vulnerability

Publication date: 13 Nov 2020
Modification date: 13 Nov 2020
Type: security
Affected Mageia releases : 7
CVE: CVE-2020-26950

Description

Write side effects in MCallGetProperty opcode not accounted for.
In certain circumstances, the MCallGetProperty opcode can be emitted with
unmet assumptions resulting in an exploitable use-after-free condition.
(CVE-2020-26950)

Also some bugfix for Thunderbird have been added. See upstream release notes.
                

References

• https://bugs.mageia.org/show_bug.cgi?id=27589
• https://www.mozilla.org/en-US/security/advisories/mfsa2020-49/
• https://www.mozilla.org/en-US/firefox/78.4.1/releasenotes/
• https://www.thunderbird.net/en-US/thunderbird/78.4.1/releasenotes/
• https://www.thunderbird.net/en-US/thunderbird/78.4.2/releasenotes/
• https://access.redhat.com/errata/RHSA-2020:5100
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26950

SRPMS

7/core

• firefox-78.4.1-1.mga7
• firefox-l10n-78.4.1-1.mga7
• thunderbird-78.4.2-1.mga7
• thunderbird-l10n-78.4.2-1.mga7