Arch Linux Security Advisory ASA-202002-5

Severity: Critical
Date : 2020-02-11
CVE-ID : CVE-2020-6796 CVE-2020-6798 CVE-2020-6800 CVE-2020-6801
Package : firefox
Type : multiple issues
Remote : Yes
Link : https://security.archlinux.org/AVG-1096

Summary

The package firefox before version 73.0-1 is vulnerable to multiple
issues including arbitrary code execution and cross-site scripting.

Resolution

Upgrade to 73.0-1.

pacman -Syu “firefox>=73.0-1”

The problems have been fixed upstream in version 73.0.

Workaround

None.

Description

• CVE-2020-6796 (arbitrary code execution)

A missing bounds check on shared memory read in the parent process has
been found in Firefox before 73.0. A content process could have
modified shared memory relating to crash reporting information, crash
itself, and cause an out-of-bound write. This could have caused memory
corruption and a potentially exploitable crash.

• CVE-2020-6798 (cross-site scripting)

An incorrect parsing of template could result in Javascript injection
in Firefox before 73.0 and Thunderbird before 68.5. If a <template> tag
was used in a <select%gt; tag, the parser could be confused and allow
JavaScript parsing and execution when it should not be allowed. A site
that relied on the browser behaving correctly could suffer a cross-site
scripting vulnerability as a result.
In general, this flaw cannot be exploited through email in the
Thunderbird product because scripting is disabled when reading mail,
but is potentially a risk in browser or browser-like contexts.

• CVE-2020-6800 (arbitrary code execution)

Several memory safety bugs have been found in Firefox before 73.0 and
Thunderbird before 68.5. Some of these bugs showed evidence of memory
corruption and Mozilla presumes that with enough effort some of these
could have been exploited to run arbitrary code.

• CVE-2020-6801 (arbitrary code execution)

Several memory safety bugs have been found in Firefox before 73.0. Some
of these bugs showed evidence of memory corruption and Mozilla presumes
that with enough effort some of these could have been exploited to run
arbitrary code.

Impact

A remote attacker can inject javascript on a vulnerable site, and
execute arbitrary code.

References

https://www.mozilla.org/en-US/security/advisories/mfsa2020-05
https://www.mozilla.org/en-US/security/advisories/mfsa2020-05/#CVE-2020-6796
https://bugzilla.mozilla.org/show_bug.cgi?id=1610426
https://www.mozilla.org/en-US/security/advisories/mfsa2020-05/#CVE-2020-6798
https://www.mozilla.org/en-US/security/advisories/mfsa2020-07/#CVE-2020-6798
https://bugzilla.mozilla.org/show_bug.cgi?id=1602944
https://www.mozilla.org/en-US/security/advisories/mfsa2020-05/#CVE-2020-6800
https://www.mozilla.org/en-US/security/advisories/mfsa2020-07/#CVE-2020-6800
https://bugzilla.mozilla.org/buglist.cgi?bug_id=1595786%2C1596706%2C1598543%2C1604851%2C1608580%2C1608785%2C1605777
https://www.mozilla.org/en-US/security/advisories/mfsa2020-05/#CVE-2020-6801
https://bugzilla.mozilla.org/buglist.cgi?bug_id=1601024%2C1601712%2C1604836%2C1606492
https://security.archlinux.org/CVE-2020-6796
https://security.archlinux.org/CVE-2020-6798
https://security.archlinux.org/CVE-2020-6800
https://security.archlinux.org/CVE-2020-6801