https://bugzilla.mozilla.org/show_bug.cgi?id=1610426

GLSA-202003-02

USN-4278-2

https://www.mozilla.org/security/advisories/mfsa2020-05/

https://www.mozilla.org/security/advisories/mfsa2020-06/

The remote NewStart CGSL host, running version MAIN 4.05, has firefox packages installed that are affected by multiple vulnerabilities:

  - When removing data about an origin whose tab was recently closed, a use-after-free could occur in the     Quota manager, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird <     68.6, Firefox < 74, Firefox < ESR68.6, and Firefox ESR < 68.6. (CVE-2020-6805)

  - By carefully crafting promise resolutions, it was possible to cause an out-of-bounds read off the end of     an array resized during script execution. This could have led to memory corruption and a potentially     exploitable crash. This vulnerability affects Thunderbird < 68.6, Firefox < 74, Firefox < ESR68.6, and     Firefox ESR < 68.6. (CVE-2020-6806)

  - When pasting a <style> tag from the clipboard into a rich text editor, the CSS sanitizer does not     escape < and > characters. Because the resulting string is pasted directly into the text node of the     element this does not result in a direct injection into the webpage; however, if a webpage subsequently     copies the node's innerHTML, assigning it to another innerHTML, this would result in an XSS vulnerability.
    Two WYSIWYG editors were identified with this behavior, more may exist. This vulnerability affects Firefox     ESR < 68.4 and Firefox < 72. (CVE-2019-17022)

  - When pasting a <style> tag from the clipboard into a rich text editor, the CSS sanitizer incorrectly     rewrites a @namespace rule. This could allow for injection into certain types of websites resulting in     data exfiltration. This vulnerability affects Firefox ESR < 68.4 and Firefox < 72. (CVE-2019-17016)

  - Due to a missing case handling object types, a type confusion vulnerability could occur, resulting in a     crash. We presume that with enough effort that it could be exploited to run arbitrary code. This     vulnerability affects Firefox ESR < 68.4 and Firefox < 72. (CVE-2019-17017)

  - Mozilla developers reported memory safety bugs present in Firefox 71 and Firefox ESR 68.3. Some of these     bugs showed evidence of memory corruption and we presume that with enough effort some of these could have     been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 68.4 and Firefox < 72.
    (CVE-2019-17024)

  - Incorrect alias information in IonMonkey JIT compiler for setting array elements could lead to a type     confusion. We are aware of targeted attacks in the wild abusing this flaw. This vulnerability affects     Firefox ESR < 68.4.1, Thunderbird < 68.4.1, and Firefox < 72.0.1. (CVE-2019-17026)

  - A content process could have modified shared memory relating to crash reporting information, crash itself,     and cause an out-of-bound write. This could have caused memory corruption and a potentially exploitable     crash. This vulnerability affects Firefox < 73 and Firefox < ESR68.5. (CVE-2020-6796)

  - If a template tag was used in a select tag, the parser could be confused and allow JavaScript parsing and     execution when it should not be allowed. A site that relied on the browser behaving correctly could suffer     a cross-site scripting vulnerability as a result. In general, this flaw cannot be exploited through email     in the Thunderbird product because scripting is disabled when reading mail, but is potentially a risk in     browser or browser-like contexts. This vulnerability affects Thunderbird < 68.5, Firefox < 73, and Firefox     < ESR68.5. (CVE-2020-6798)

  - Mozilla developers and community members reported memory safety bugs present in Firefox 72 and Firefox ESR     68.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some     of these could have been exploited to run arbitrary code. In general, these flaws cannot be exploited     through email in the Thunderbird product because scripting is disabled when reading mail, but are     potentially risks in browser or browser-like contexts. This vulnerability affects Thunderbird < 68.5,     Firefox < 73, and Firefox < ESR68.5. (CVE-2020-6800)

  - The 'Copy as cURL' feature of Devtools' network tab did not properly escape the HTTP method of a request,     which can be controlled by the website. If a user used the 'Copy as Curl' feature and pasted the command     into a terminal, it could have resulted in command injection and arbitrary command execution. This     vulnerability affects Thunderbird < 68.6, Firefox < 74, Firefox < ESR68.6, and Firefox ESR < 68.6.
    (CVE-2020-6811)

  - usrsctp before 2019-12-20 has out-of-bounds reads in sctp_load_addresses_from_init. (CVE-2019-20503)

  - The first time AirPods are connected to an iPhone, they become named after the user's name by default     (e.g. Jane Doe's AirPods.) Websites with camera or microphone permission are able to enumerate device     names, disclosing the user's name. To resolve this issue, Firefox added a special case that renames     devices containing the substring 'AirPods' to simply 'AirPods'. This vulnerability affects Thunderbird <     68.6, Firefox < 74, Firefox < ESR68.6, and Firefox ESR < 68.6. (CVE-2020-6812)

  - When a device was changed while a stream was about to be destroyed, the stream-reinit task     may have been executed after the stream was destroyed, causing a use-after-free and a potentially     exploitable crash. This vulnerability affects Thunderbird < 68.6, Firefox < 74, Firefox < ESR68.6, and     Firefox ESR < 68.6. (CVE-2020-6807)

  - Mozilla developers reported memory safety bugs present in Firefox and Thunderbird 68.5. Some of these bugs     showed evidence of memory corruption and we presume that with enough effort some of these could have been     exploited to run arbitrary code. This vulnerability affects Thunderbird < 68.6, Firefox < 74, Firefox <     ESR68.6, and Firefox ESR < 68.6. (CVE-2020-6814)

  - Under certain conditions, when running the nsDocShell destructor, a race condition can cause a use-after-     free. We are aware of targeted attacks in the wild abusing this flaw. This vulnerability affects     Thunderbird < 68.7.0, Firefox < 74.0.1, and Firefox ESR < 68.6.1. (CVE-2020-6819)

  - Under certain conditions, when handling a ReadableStream, a race condition can cause a use-after-free. We     are aware of targeted attacks in the wild abusing this flaw. This vulnerability affects Thunderbird <     68.7.0, Firefox < 74.0.1, and Firefox ESR < 68.6.1. (CVE-2020-6820)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has firefox packages installed that are affected by multiple vulnerabilities:

  - A content process could have modified shared memory     relating to crash reporting information, crash itself,     and cause an out-of-bound write. This could have caused     memory corruption and a potentially exploitable crash.
    This vulnerability affects Firefox < 73 and Firefox <     ESR68.5. (CVE-2020-6796)

  - If a template tag was used in a select tag, the parser     could be confused and allow JavaScript parsing and     execution when it should not be allowed. A site that     relied on the browser behaving correctly could suffer a     cross-site scripting vulnerability as a result. In     general, this flaw cannot be exploited through email in     the Thunderbird product because scripting is disabled     when reading mail, but is potentially a risk in browser     or browser-like contexts. This vulnerability affects     Thunderbird < 68.5, Firefox < 73, and Firefox < ESR68.5.
    (CVE-2020-6798)

  - Mozilla developers and community members reported memory     safety bugs present in Firefox 72 and Firefox ESR 68.4.
    Some of these bugs showed evidence of memory corruption     and we presume that with enough effort some of these     could have been exploited to run arbitrary code. In     general, these flaws cannot be exploited through email     in the Thunderbird product because scripting is disabled     when reading mail, but are potentially risks in browser     or browser-like contexts. This vulnerability affects     Thunderbird < 68.5, Firefox < 73, and Firefox < ESR68.5.
    (CVE-2020-6800)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote host is affected by the vulnerability described in GLSA-202003-02 (Mozilla Firefox: Multiple vulnerabilities)

    Multiple vulnerabilities have been discovered in Mozilla Firefox. Please       review the CVE identifiers referenced below for details.
  Impact :

    A remote attacker could entice a user to view a specially crafted web       page, possibly resulting in the execution of arbitrary code with the       privileges of the process or a Denial of Service condition. Furthermore,       a remote attacker may be able to perform Man-in-the-Middle attacks,       obtain sensitive information, spoof the address bar, conduct clickjacking       attacks, bypass security restrictions and protection mechanisms, or have       other unspecified impact.
  Workaround :

    There is no known workaround at this time.

The version of Firefox ESR installed on the remote macOS or Mac OS X host is prior to 68.4. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2020-06 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

An update for firefox is now available for Red Hat Enterprise Linux 6.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Mozilla Firefox is an open source web browser, designed for standards compliance, performance, and portability.

This update upgrades Firefox to version 68.5.0 ESR.

Security Fix(es) :

* Mozilla: Missing bounds check on shared memory read in the parent process (CVE-2020-6796)

* Mozilla: Memory safety bugs fixed in Firefox 73 and Firefox ESR 68.5 (CVE-2020-6800)

* Mozilla: Incorrect parsing of template tag could result in JavaScript injection (CVE-2020-6798)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

An update for firefox is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Mozilla Firefox is an open source web browser, designed for standards compliance, performance, and portability.

This update upgrades Firefox to version 68.5.0 ESR.

Security Fix(es) :

* Mozilla: Missing bounds check on shared memory read in the parent process (CVE-2020-6796)

* Mozilla: Memory safety bugs fixed in Firefox 73 and Firefox ESR 68.5 (CVE-2020-6800)

* Mozilla: Incorrect parsing of template tag could result in JavaScript injection (CVE-2020-6798)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

This update for MozillaFirefox fixes the following issues :

Firefox Extended Support Release 68.5.0 ESR

  - CVE-2020-6796 (bmo#1610426) Missing bounds check on     shared memory read in the parent process

  - CVE-2020-6797 (bmo#1596668) Extensions granted     downloads.open permission could open arbitrary     applications on Mac OSX

  - CVE-2020-6798 (bmo#1602944) Incorrect parsing of     template tag could result in JavaScript injection

  - CVE-2020-6799 (bmo#1606596) Arbitrary code execution     when opening pdf links from other applications, when     Firefox is configured as default pdf reader

  - CVE-2020-6800 (bmo#1595786, bmo#1596706, bmo#1598543,     bmo#1604851, bmo#1605777, bmo#1608580, bmo#1608785)     Memory safety bugs fixed in Firefox 73 and Firefox ESR     68.5

  - Fixed: Fixed various issues opening files with spaces in     their path (bmo#1601905, bmo#1602726)

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

This update for MozillaFirefox fixes the following issues :

Firefox Extended Support Release 68.5.0 ESR

  - Fixed: Various stability and security fixes

Mozilla Firefox ESR68.5 MFSA 2020-06 (bsc#1163368)

  - CVE-2020-6796 (bmo#1610426) Missing bounds check on     shared memory read in the parent process

  - CVE-2020-6797 (bmo#1596668) Extensions granted     downloads.open permission could open arbitrary     applications on Mac OSX

  - CVE-2020-6798 (bmo#1602944) Incorrect parsing of     template tag could result in JavaScript injection

  - CVE-2020-6799 (bmo#1606596) Arbitrary code execution     when opening pdf links from other applications, when     Firefox is configured as default pdf reader

  - CVE-2020-6800 (bmo#1595786, bmo#1596706, bmo#1598543,     bmo#1604851, bmo#1605777, bmo#1608580, bmo#1608785)     Memory safety bugs fixed in Firefox 73 and Firefox ESR     68.5

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

This update for MozillaFirefox fixes the following issues :

  - Firefox Extended Support Release 68.5.0 ESR

  - Fixed: Various stability and security fixes

  - Mozilla Firefox ESR68.5 MFSA 2020-06 (bsc#1163368)

  - CVE-2020-6796 (bmo#1610426) Missing bounds check on     shared memory read in the parent process

  - CVE-2020-6797 (bmo#1596668) Extensions granted     downloads.open permission could open arbitrary     applications on Mac OSX

  - CVE-2020-6798 (bmo#1602944) Incorrect parsing of     template tag could result in JavaScript injection

  - CVE-2020-6799 (bmo#1606596) Arbitrary code execution     when opening pdf links from other applications, when     Firefox is configured as default pdf reader

  - CVE-2020-6800 (bmo#1595786, bmo#1596706, bmo#1598543,     bmo#1604851, bmo#1605777, bmo#1608580, bmo#1608785)     Memory safety bugs fixed in Firefox 73 and Firefox ESR     68.5

This update was imported from the SUSE:SLE-15:Update update project.

Security Fix(es) :

  - Mozilla: Missing bounds check on shared memory read in     the parent process (CVE-2020-6796)

  - Mozilla: Memory safety bugs fixed in Firefox 73 and     Firefox ESR 68.5 (CVE-2020-6800)

  - Mozilla: Incorrect parsing of template tag could result     in JavaScript injection (CVE-2020-6798)

Security Fix(es) :

  - Mozilla: Missing bounds check on shared memory read in     the parent process (CVE-2020-6796)

  - Mozilla: Memory safety bugs fixed in Firefox 73 and     Firefox ESR 68.5 (CVE-2020-6800)

An update for firefox is now available for Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Mozilla Firefox is an open source web browser, designed for standards compliance, performance, and portability.

This update upgrades Firefox to version 68.5.0 ESR.

Security Fix(es) :

* Mozilla: Missing bounds check on shared memory read in the parent process (CVE-2020-6796)

* Mozilla: Memory safety bugs fixed in Firefox 73 and Firefox ESR 68.5 (CVE-2020-6800)

* Mozilla: Incorrect parsing of template tag could result in JavaScript injection (CVE-2020-6798)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

An update for firefox is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Mozilla Firefox is an open source web browser, designed for standards compliance, performance, and portability.

This update upgrades Firefox to version 68.5.0 ESR.

Security Fix(es) :

* Mozilla: Missing bounds check on shared memory read in the parent process (CVE-2020-6796)

* Mozilla: Memory safety bugs fixed in Firefox 73 and Firefox ESR 68.5 (CVE-2020-6800)

* Mozilla: Incorrect parsing of template tag could result in JavaScript injection (CVE-2020-6798)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

From Red Hat Security Advisory 2020:0520 :

An update for firefox is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Mozilla Firefox is an open source web browser, designed for standards compliance, performance, and portability.

This update upgrades Firefox to version 68.5.0 ESR.

Security Fix(es) :

* Mozilla: Missing bounds check on shared memory read in the parent process (CVE-2020-6796)

* Mozilla: Memory safety bugs fixed in Firefox 73 and Firefox ESR 68.5 (CVE-2020-6800)

* Mozilla: Incorrect parsing of template tag could result in JavaScript injection (CVE-2020-6798)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, conduct cross-site scripting (XSS) attacks, or execute arbitrary code.

Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code.

For Debian 8 'Jessie', these problems have been fixed in version 68.5.0esr-1~deb8u1.

We recommend that you upgrade your firefox-esr packages.

NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

The version of Firefox installed on the remote Windows host is prior to 73.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2020-05 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The version of Firefox installed on the remote macOS or Mac OS X host is prior to 73.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2020-05 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The version of Firefox installed on the remote Windows host is prior to 68.5. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2020-06 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code.

New mozilla-firefox packages are available for Slackware 14.2 and
-current to fix security issues.

ID	Name	Product	Family	Severity
140283	NewStart CGSL MAIN 4.05 : firefox Multiple Vulnerabilities (NS-SA-2020-0047)	Nessus	NewStart CGSL Local Security Checks	high
136906	NewStart CGSL CORE 5.04 / MAIN 5.04 : firefox Multiple Vulnerabilities (NS-SA-2020-0026)	Nessus	NewStart CGSL Local Security Checks	medium
134469	GLSA-202003-02 : Mozilla Firefox: Multiple vulnerabilities	Nessus	Gentoo Local Security Checks	high
133849	Mozilla Firefox ESR < 68.5 Multiple Vulnerabilities	Nessus	MacOS X Local Security Checks	medium
133769	CentOS 6 : firefox (CESA-2020:0521)	Nessus	CentOS Local Security Checks	medium
133768	CentOS 7 : firefox (CESA-2020:0520)	Nessus	CentOS Local Security Checks	medium
133762	SUSE SLED12 / SLES12 Security Update : MozillaFirefox (SUSE-SU-2020:0384-1)	Nessus	SuSE Local Security Checks	medium
133761	SUSE SLED15 / SLES15 Security Update : MozillaFirefox (SUSE-SU-2020:0383-1)	Nessus	SuSE Local Security Checks	medium
133759	openSUSE Security Update : MozillaFirefox (openSUSE-2020-230)	Nessus	SuSE Local Security Checks	medium
133755	Scientific Linux Security Update : firefox on SL7.x x86_64 (20200217)	Nessus	Scientific Linux Local Security Checks	medium
133754	Scientific Linux Security Update : firefox on SL6.x i386/x86_64 (20200217)	Nessus	Scientific Linux Local Security Checks	medium
133753	RHEL 6 : firefox (RHSA-2020:0521)	Nessus	Red Hat Local Security Checks	medium
133752	RHEL 7 : firefox (RHSA-2020:0520)	Nessus	Red Hat Local Security Checks	medium
133751	RHEL 8 : firefox (RHSA-2020:0519)	Nessus	Red Hat Local Security Checks	medium
133747	RHEL 8 : firefox (RHSA-2020:0512)	Nessus	Red Hat Local Security Checks	medium
133745	Oracle Linux 7 : firefox (ELSA-2020-0520)	Nessus	Oracle Linux Local Security Checks	medium
133715	Ubuntu 18.04 LTS / 19.10 : Firefox vulnerabilities (USN-4278-1)	Nessus	Ubuntu Local Security Checks	medium
133697	Debian DLA-2102-1 : firefox-esr security update	Nessus	Debian Local Security Checks	medium
133693	Mozilla Firefox < 73.0	Nessus	Windows	medium
133692	Mozilla Firefox < 73.0	Nessus	MacOS X Local Security Checks	medium
133677	Mozilla Firefox ESR < 68.5 Multiple Vulnerabilities	Nessus	Windows	medium
133657	Debian DSA-4620-1 : firefox-esr - security update	Nessus	Debian Local Security Checks	medium
133642	Slackware 14.2 / current : mozilla-firefox (SSA:2020-042-01)	Nessus	Slackware Local Security Checks	medium

CVE-2020-6796

Description

References

Details

Risk Information

CVSS v2.0

CVSS v3.0

Vulnerable Software

Configuration 1

Tenable Plugins